Impact
PolicyController will report a false positive, admitting an image that should have been rejected, when both of the following hold:
- There is at least one attestation with a valid signature
- There are NO attestations of the type being verified (--type defaults to "custom")
An example image that can be used to test this is:
ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2
And an example CIP targeting this:
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolicy
metadata:
  name: spdx-busybox
spec:
  authorities:
  - attestations:
    - name: spdx-keyless
      predicateType: spdx
      keyless:
        url: https://fulcio.sigstore.dev/
  images:
  - glob: "ghcr.io/distroless/busybox*"
This should not pass, but it will:
kubectl run busybox --image ghcr.io/distroless/busybox -- sleep 3600
pod/busybox created
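The decision logic behind this false positive, as an added illustration that is not policy-controller's own code: the buggy check admits as soon as any attestation is validly signed, while the corrected check requires a validly signed attestation of the requested predicate type. The Attestation type, function names and sample data are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Attestation is a minimal model (constructed for this example) of one
// attestation on an image: its predicate type and whether it verified.
type Attestation struct {
	PredicateType  string
	SignatureValid bool
}

var ErrNoMatchingAttestation = errors.New("no valid attestation of requested type")

// verifyAttestationsBuggy reproduces the decision the advisory describes: one
// validly signed attestation of ANY type admits the image, so wantType is
// never enforced.
func verifyAttestationsBuggy(atts []Attestation, wantType string) (bool, error) {
	for _, a := range atts {
		if a.SignatureValid {
			return true, nil // wantType ignored: this is the false positive
		}
	}
	return false, errors.New("no attestation with a valid signature")
}

// verifyAttestationsFixed admits only if some attestation is BOTH validly
// signed AND of the requested predicate type; signed attestations of other
// types do not count, so absence of the type is a rejection.
func verifyAttestationsFixed(atts []Attestation, wantType string) (bool, error) {
	for _, a := range atts {
		if a.SignatureValid && a.PredicateType == wantType {
			return true, nil
		}
	}
	return false, fmt.Errorf("%w: %q", ErrNoMatchingAttestation, wantType)
}

func main() {
	// Constructed sample: only a signed "custom" attestation, policy wants spdx.
	atts := []Attestation{{PredicateType: "custom", SignatureValid: true}}
	ok, _ := verifyAttestationsBuggy(atts, "spdx")
	fmt.Println("buggy admits:", ok) // true
	ok, err := verifyAttestationsFixed(atts, "spdx")
	fmt.Println("fixed admits:", ok, "err:", err) // false
}
```

The fixed variant also rejects an image whose only spdx attestation fails signature verification, so the two conditions the advisory lists are enforced together.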
Patches
Users should upgrade to cosign version 0.2.1 or greater for a patch.
Workarounds
None.
References
Thanks @mattmoor for discovering this!
For more information