Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attacker must supply the crafted bundle (PR:L); no confidentiality or availability impact; integrity impact is high as certificate validity enforcement is bypassed.
Primary rating from Vendor (https://github.com/sigstore/sigstore-js).
CVSS VectorVendor: https://github.com/sigstore/sigstore-js
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2Blast Radius
ecosystem impact- 10 npm packages depend on @sigstore/verify (2 direct, 8 indirect)
Ecosystem-wide dependent count for version 3.1.0.
DescriptionCVE.org
sigstore-js derives a transparency-log timestamp from tlogEntries[].integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only (no signed inclusionPromise/set), and the inclusion proof path does not cryptographically bind integratedTime. As a result, an attacker who can supply an untrusted bundle can influence time-based verification decisions by choosing integratedTime.
impact
If a consumer accepts attacker-provided bundle v0.2 inputs and relies on tlog-derived timestamps for certificate validity checks, verification can be influenced by an unauthenticated timestamp value. This is a trust gap: integratedTime is treated as a trusted observer timestamp under inclusionProof-only mode even though only the signed inclusionPromise/set path binds it.
affected code
packages/verify/src/bundle/index.ts(adds a transparency-log timestamp wheneverintegratedTime != 0)packages/verify/src/timestamp/index.ts(convertsintegratedTimeto aDate)packages/verify/src/verifier.ts(verifies timestamps before verifying tlog inclusion)packages/verify/src/tlog/index.ts+packages/verify/src/tlog/set.ts(only the inclusionPromise/set path bindsintegratedTime)
proof of concept
The attached poc.zip contains a self-contained harness that reproduces the behavior on the pinned commit and includes both a canonical test and a negative control.
repro:
- extract
poc.zipinto a fresh directory and run the make targets:
unzip poc.zip -d poc
cd poc/poc-F-SIG-JS-TLOGTIME-001
make canonical
make control- confirm
canonical.logincludes:
[CALLSITE_HIT]:
[PROOF_MARKER]:- confirm
control.logincludes:
[NC_MARKER]:suggested fix
Only treat integratedTime as a trusted timestamp when it is cryptographically bound (for example, via a verified signed inclusionPromise/set). For inclusionProof-only entries, do not count integratedTime toward timestampThreshold, and do not use it for certificate validity decisions unless there is another signed time source (for example, an rfc3161 timestamp).
AnalysisAI
Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity window checks by controlling the integratedTime field in an inclusionProof-only tlog entry. Because the inclusionProof-only code path in @sigstore/verify does not cryptographically bind integratedTime (unlike the signed inclusionPromise/set path), a low-privileged attacker who can present an untrusted bundle can cause the verifier to accept expired or not-yet-valid signing certificates as currently valid. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two simultaneous conditions: (1) the application accepts bundle v0.2 format inputs that are attacker-supplied or attacker-modifiable - bundles fetched from fully trusted, integrity-protected sources are not affected if the attacker cannot tamper with them in transit or at rest; and (2) the verifier relies on tlog-derived timestamps (the `integratedTime` field from `tlogEntries[]`) for certificate validity window checks or to satisfy `timestampThreshold`. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) reflects a medium-severity finding with high integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with write access to an artifact registry or the ability to intercept a bundle download crafts a bundle v0.2 with a tlog entry in inclusionProof-only mode and sets `integratedTime` to a value that falls within the validity window of an already-expired signing certificate. When the sigstore-js verifier processes this bundle, it trusts the attacker-supplied `integratedTime` as the log-observed timestamp, causes the certificate validity check to pass, and accepts the bundle as validly signed despite the certificate being expired. … |
| Remediation | The upstream fix described in the advisory is to restrict trust in `integratedTime` to cases where it is cryptographically bound: only the signed inclusionPromise/set path should contribute `integratedTime` to `timestampThreshold` or certificate validity decisions; the inclusionProof-only path must not use `integratedTime` as a trusted timestamp unless an independent signed time source (e.g., an RFC 3161 timestamp) is also present. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrar
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitra
An authorization bypass vulnerability in gRPC-Go allows attackers to circumvent path-based access control by sending HTT
Arbitrary file read in Langroid's SQLChatAgent (<= 0.63.0) lets an attacker who can influence the LLM-generated SQL exfi
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulner
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' byte
Resource exhaustion in OpenTelemetry Go propagation library (v1.41.0 and earlier) enables remote attackers to trigger se
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert char
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "ca
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. Rate
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44502
GHSA-xgjw-pm74-86q4