What is CVE-2024-51746?

CVE-2024-51746 is a vulnerability in Sigstore Gitsign, classified under Use of Incorrectly-Resolved Name or Reference. Published 2024-11-05.

Is CVE-2024-51746 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sigstore Gitsign

CVE-2024-51746

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor'…

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

Affected products

Sigstore Gitsign — versions < 0.11.0

Weakness classification (CWE)

CWE-706 — Use of Incorrectly-Resolved Name or Reference

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/sigstore/gitsign/security/advisories/GHSA-8pmp-678w-c8xx (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2024-51746?: CVE-2024-51746 is a vulnerability in Sigstore Gitsign, classified under Use of Incorrectly-Resolved Name or Reference. Published 2024-11-05.
Is CVE-2024-51746 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.