Vulnerability-Lookup

CVE-2024-54140 (GCVE-0-2024-54140)

Vulnerability from cvelistv5 – Published: 2024-12-05 22:08 – Updated: 2024-12-10 14:55

Title

sigstore-java has a vulnerability with bundle verification

Summary

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0.

Severity ?

2.1 (Low)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/sigstore/sigstore-java/securit…	x_refsource_CONFIRM
	https://github.com/sigstore/sigstore-conformance/…	x_refsource_MISC
	https://github.com/sigstore/sigstore-java/commit/…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	sigstore	sigstore-java	Affected: < 1.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sigstore:sigstore-java:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sigstore-java",
            "vendor": "sigstore",
            "versions": [
              {
                "lessThan": "1.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54140",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-10T14:51:47.403238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-10T14:55:08.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sigstore-java",
          "vendor": "sigstore",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn\u0027t actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-05T22:08:37.195Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sigstore/sigstore-java/security/advisories/GHSA-jp26-88mw-89qr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sigstore/sigstore-java/security/advisories/GHSA-jp26-88mw-89qr"
        },
        {
          "name": "https://github.com/sigstore/sigstore-conformance/pull/139",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sigstore/sigstore-conformance/pull/139"
        },
        {
          "name": "https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9"
        }
      ],
      "source": {
        "advisory": "GHSA-jp26-88mw-89qr",
        "discovery": "UNKNOWN"
      },
      "title": "sigstore-java has a vulnerability with bundle verification"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-54140",
    "datePublished": "2024-12-05T22:08:37.195Z",
    "dateReserved": "2024-11-29T18:02:16.755Z",
    "dateUpdated": "2024-12-10T14:55:08.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-54140\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-10T14:51:47.403238Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:sigstore:sigstore-java:*:*:*:*:*:*:*:*\"], \"vendor\": \"sigstore\", \"product\": \"sigstore-java\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.2.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-10T14:55:03.418Z\"}}], \"cna\": {\"title\": \"sigstore-java has a vulnerability with bundle verification\", \"source\": {\"advisory\": \"GHSA-jp26-88mw-89qr\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 2.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"sigstore\", \"product\": \"sigstore-java\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.2.0\"}]}], \"references\": [{\"url\": \"https://github.com/sigstore/sigstore-java/security/advisories/GHSA-jp26-88mw-89qr\", \"name\": \"https://github.com/sigstore/sigstore-java/security/advisories/GHSA-jp26-88mw-89qr\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/sigstore/sigstore-conformance/pull/139\", \"name\": \"https://github.com/sigstore/sigstore-conformance/pull/139\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9\", \"name\": \"https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn\u0027t actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-12-05T22:08:37.195Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-54140\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-10T14:55:08.151Z\", \"dateReserved\": \"2024-11-29T18:02:16.755Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-12-05T22:08:37.195Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-54140

Vulnerability from fkie_nvd - Published: 2024-12-05 22:15 - Updated: 2024-12-05 22:15

Severity ?

2.1 (Low) - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/sigstore/sigstore-conformance/pull/139
	security-advisories@github.com	https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9
	security-advisories@github.com	https://github.com/sigstore/sigstore-java/security/advisories/GHSA-jp26-88mw-89qr

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn\u0027t actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0."
    },
    {
      "lang": "es",
      "value": "sigstore-java es un cliente java de sigstore para interactuar con la infraestructura de sigstore. sigstore-java no tiene suficiente verificaci\u00f3n para una situaci\u00f3n en la que un paquete proporciona una firma no v\u00e1lida para un punto de control. Este error afecta a los clientes que usan cualquier variaci\u00f3n de KeylessVerifier.verify(). Actualmente, los puntos de control solo se usan para garantizar que el registro en cuesti\u00f3n proporcion\u00f3 el hash ra\u00edz de una prueba de inclusi\u00f3n. Si no se puede validar eso, un paquete puede proporcionar una prueba de inclusi\u00f3n que en realidad no corresponde al registro en cuesti\u00f3n. Esto puede eventualmente hacer que un monitor/testigo no pueda detectar cu\u00e1ndo los registros comprometidos brindan diferentes vistas de s\u00ed mismos a diferentes clientes. Existen otros mecanismos en este momento que mitigan esto, como la timestamp de entrada firmada. Sigstore-java actualmente requiere una timestamp de entrada firmada v\u00e1lida. Al verificar correctamente la timestamp de entrada firmada, podemos hacer ciertas afirmaciones sobre el registro que firma la entrada del registro (como si el registro estuviera al tanto del evento de firma del artefacto y lo firmara). Por lo tanto, el impacto en los clientes que no son monitores/testigos es muy bajo. Esta vulnerabilidad se corrigi\u00f3 en 1.2.0."
    }
  ],
  "id": "CVE-2024-54140",
  "lastModified": "2024-12-05T22:15:20.400",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 2.1,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-05T22:15:20.400",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/sigstore/sigstore-conformance/pull/139"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/sigstore/sigstore-java/security/advisories/GHSA-jp26-88mw-89qr"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-JP26-88MW-89QR

Vulnerability from github – Published: 2024-12-05 22:22 – Updated: 2024-12-06 00:32

Summary

sigstore-java has a vulnerability with bundle verification

Details

Summary

sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint.

Impact

This bug impacts clients using any variation of KeylessVerifier.verify()

Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients.

There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low.

All cryptographic materials and identity information in the bundle must still be verified for the verification to pass. A valid signed entry timestamp is still required for verification to pass.

sigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality.

Steps To Reproduce

Build the java sigstore-cli at v1.1.0

git clone --branch v1.1.0 git@github.com:sigstore/sigstore-java
cd sigstore-java
./gradlew :sigstore-cli:build
tar -xf sigstore-cli/build/distributions/sigstore-cli-1.1.0-SNAPSHOT.tar --strip-components 1

Create some random blob and sign it

dd bs=1 count=50 </dev/urandom > blob
./bin/sigstore-cli sign --bundle=blob.sigstore.json blob

Modify the checkpoint signature on the bundle, this is the last base64 section in the checkpoint, the following diff just swaps changes the last 3 base64 characters to aaa.

"checkpoint": {
+    "envelope": "rekor.sigstore.dev - 1193050959916656506\n29874050\nhnEOPEa6SDzqJDydU+J96TQyfYfqEpsGg0aVbmfjWDw\u003d\n\n— rekor.sigstore.dev wNI9ajBFAiEA4M7t/9b42FzeArRhC6oRvs7UvKwklaFLYfDDGTi2R4kCIBNc2d0VCyUbs3hd+bI7+0RHhvLOdAqYg7j/3xPe2ZPb\n"
-    "envelope": "rekor.sigstore.dev - 1193050959916656506\n29874050\nhnEOPEa6SDzqJDydU+J96TQyfYfqEpsGg0aVbmfjWDw\u003d\n\n— rekor.sigstore.dev wNI9ajBFAiEA4M7t/9b42FzeArRhC6oRvs7UvKwklaFLYfDDGTi2R4kCIBNc2d0VCyUbs3hd+bI7+0RHhvLOdAqYg7j/3xPe2aaa\n"
}

./bin/sigstore-cli verify --bundle=blob.sigstore.json blob
# no errors???!

Patches

Patched in v1.2.0 release (patch: https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9) Conformance tests added https://github.com/sigstore/sigstore-conformance/pull/139

Workarounds

Verifiers may chose to verify the checkpoint manually after running KeylessVerifier.verify()

var bundle = Bundle.from(bundleFile, StandardCharsets.UTF_8);
var entry = bundle.getEntries().get(0);
var checkpoint = entry.getVerification().getInclusionProof().parsedCheckpoint();
var signedData = Splitter.on("\n\n").splitToList(entry.getVerification().getInclusionProof().getCheckpoint()).get(0) + "\n";

var tufClient = SigstoreTufClient.builder().usePublicGoodInstance().build();
tufClient.update();
var trustedRoot = tufClient.getSigstoreTrustedRoot();
var tlog =  TransparencyLog.find(trustedRoot.getTLogs(), Hex.decode(entry.getLogID()), entry.getIntegratedTimeInstant());

if (!Verifiers.newVerifier(tlog.get().getPublicKey().toJavaPublicKey()).verify(signedData.getBytes(StandardCharsets.UTF_8), checkpoint.getSignatures().get(0).getSignature())) {
  throw new Exception("Checkpoint signature was invalid");
}

Severity ?

2.1 (Low)


                  
                    CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "dev.sigstore:sigstore-java"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-54140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-05T22:22:49Z",
    "nvd_published_at": "2024-12-05T22:15:20Z",
    "severity": "LOW"
  },
  "details": "### Summary\nsigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint.\n\n### Impact\nThis bug impacts clients using any variation of KeylessVerifier.verify()\n\nCurrently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn\u0027t actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients.\n\nThere are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low.\n\nAll cryptographic materials and identity information in the bundle must still be verified for the verification to pass. A valid signed entry timestamp is still required for verification to pass.\n\nsigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality.\n\n### Steps To Reproduce\nBuild the java sigstore-cli at v1.1.0\n```shell\ngit clone --branch v1.1.0 git@github.com:sigstore/sigstore-java\ncd sigstore-java\n./gradlew :sigstore-cli:build\ntar -xf sigstore-cli/build/distributions/sigstore-cli-1.1.0-SNAPSHOT.tar --strip-components 1\n```\n\nCreate some random blob and sign it\n```shell\ndd bs=1 count=50 \u003c/dev/urandom \u003e blob\n./bin/sigstore-cli sign --bundle=blob.sigstore.json blob\n```\n\nModify the checkpoint signature on the bundle, this is the last base64 section in the checkpoint, the following diff just swaps changes the last 3 base64 characters to aaa.\n```diff\n\"checkpoint\": {\n+    \"envelope\": \"rekor.sigstore.dev - 1193050959916656506\\n29874050\\nhnEOPEa6SDzqJDydU+J96TQyfYfqEpsGg0aVbmfjWDw\\u003d\\n\\n\u2014 rekor.sigstore.dev wNI9ajBFAiEA4M7t/9b42FzeArRhC6oRvs7UvKwklaFLYfDDGTi2R4kCIBNc2d0VCyUbs3hd+bI7+0RHhvLOdAqYg7j/3xPe2ZPb\\n\"\n-    \"envelope\": \"rekor.sigstore.dev - 1193050959916656506\\n29874050\\nhnEOPEa6SDzqJDydU+J96TQyfYfqEpsGg0aVbmfjWDw\\u003d\\n\\n\u2014 rekor.sigstore.dev wNI9ajBFAiEA4M7t/9b42FzeArRhC6oRvs7UvKwklaFLYfDDGTi2R4kCIBNc2d0VCyUbs3hd+bI7+0RHhvLOdAqYg7j/3xPe2aaa\\n\"\n}\n```\n\n```shell\n./bin/sigstore-cli verify --bundle=blob.sigstore.json blob\n# no errors???!\n```\n### Patches\nPatched in v1.2.0 release (patch: https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9)\nConformance tests added https://github.com/sigstore/sigstore-conformance/pull/139\n\n### Workarounds\nVerifiers may chose to verify the checkpoint manually after running `KeylessVerifier.verify()`\n```java\nvar bundle = Bundle.from(bundleFile, StandardCharsets.UTF_8);\nvar entry = bundle.getEntries().get(0);\nvar checkpoint = entry.getVerification().getInclusionProof().parsedCheckpoint();\nvar signedData = Splitter.on(\"\\n\\n\").splitToList(entry.getVerification().getInclusionProof().getCheckpoint()).get(0) + \"\\n\";\n\nvar tufClient = SigstoreTufClient.builder().usePublicGoodInstance().build();\ntufClient.update();\nvar trustedRoot = tufClient.getSigstoreTrustedRoot();\nvar tlog =  TransparencyLog.find(trustedRoot.getTLogs(), Hex.decode(entry.getLogID()), entry.getIntegratedTimeInstant());\n\nif (!Verifiers.newVerifier(tlog.get().getPublicKey().toJavaPublicKey()).verify(signedData.getBytes(StandardCharsets.UTF_8), checkpoint.getSignatures().get(0).getSignature())) {\n  throw new Exception(\"Checkpoint signature was invalid\");\n}\n```\n",
  "id": "GHSA-jp26-88mw-89qr",
  "modified": "2024-12-06T00:32:50Z",
  "published": "2024-12-05T22:22:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-java/security/advisories/GHSA-jp26-88mw-89qr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54140"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-conformance/pull/139"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/sigstore-java/commit/23fb4885e6704a5df4977f7acf253a745349edf9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sigstore/sigstore-java"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "sigstore-java has a vulnerability with bundle verification"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-54140 (GCVE-0-2024-54140)

FKIE_CVE-2024-54140

GHSA-JP26-88MW-89QR

Summary

Impact

Steps To Reproduce

Patches

Workarounds

Tags

Sightings

Nomenclature