Rekor
Monthly
Rekor versions 1.4.3 and earlier contain a server-side request forgery (SSRF) vulnerability in the /api/v1/index/retrieve endpoint that allows unauthenticated remote attackers to probe internal networks through blind SSRF attacks by supplying arbitrary URLs for public key retrieval. While the vulnerability cannot directly exfiltrate data or modify state since responses are not returned and only GET requests are supported, it enables reconnaissance of internal infrastructure. The issue is patched in version 1.5.0, or can be mitigated by disabling the retrieve API with --enable_retrieve_api=false.
Rekor versions 1.4.3 and below are vulnerable to denial of service through a null pointer dereference when processing malformed cose/v0.0.1 entries with empty spec.message fields. An unauthenticated remote attacker can trigger a panic in the Rekor process by sending a specially crafted entry, resulting in a 500 error response and temporary service disruption, though the thread recovery mechanism limits availability impact. The vulnerability has been patched in version 1.5.0.
Rekor versions 1.4.3 and earlier contain a server-side request forgery (SSRF) vulnerability in the /api/v1/index/retrieve endpoint that allows unauthenticated remote attackers to probe internal networks through blind SSRF attacks by supplying arbitrary URLs for public key retrieval. While the vulnerability cannot directly exfiltrate data or modify state since responses are not returned and only GET requests are supported, it enables reconnaissance of internal infrastructure. The issue is patched in version 1.5.0, or can be mitigated by disabling the retrieve API with --enable_retrieve_api=false.
Rekor versions 1.4.3 and below are vulnerable to denial of service through a null pointer dereference when processing malformed cose/v0.0.1 entries with empty spec.message fields. An unauthenticated remote attacker can trigger a panic in the Rekor process by sending a specially crafted entry, resulting in a 500 error response and temporary service disruption, though the thread recovery mechanism limits availability impact. The vulnerability has been patched in version 1.5.0.