CVE-2022-23649 is a vulnerability in the sigstore project's cosign tool, which is used for container image signing, verification, and storage within OCI registries. Prior to version 1.5.2, cosign improperly validated certificate signatures related to entries in the Rekor transparency log. Specifically, an attacker with both pull and push permissions for signatures in the OCI registry could manipulate cosign into falsely believing that a signature entry existed in the Rekor log when it did not. This flaw affects both standard keypair-based signing and keyless signing using Fulcio. The root cause is that cosign did not verify that the signature in the Rekor log's signedEntryTimestamp matched the signature being verified, allowing an attacker to copy a valid signature bundle to a different signature and bypass verification. The vulnerability compromises the integrity assurance that cosign aims to provide, as it can be tricked into accepting unsigned or tampered container images as validly signed. The issue was addressed in cosign version 1.5.2 by adding a strict comparison between the Rekor log signature and the signature under verification, and by ensuring that cosign only reports certificate verification success if a certificate was genuinely verified. There is no known workaround other than upgrading to the patched version. No known exploits have been reported in the wild to date.

For European organizations relying on cosign for container image signing and verification, this vulnerability undermines the trustworthiness of container supply chains. Attackers with push and pull access to the OCI registry could inject or substitute container images with malicious payloads while making cosign falsely report them as properly signed and logged in Rekor. This could lead to deployment of compromised containers in production environments, potentially resulting in unauthorized code execution, data breaches, or disruption of critical services. Given the increasing adoption of containerization and DevSecOps practices in Europe, especially in sectors like finance, manufacturing, and critical infrastructure, the impact could be significant. The integrity and provenance guarantees provided by cosign are critical for compliance with security standards and regulations such as the EU Cybersecurity Act and NIS2 Directive. Failure to patch this vulnerability could expose organizations to supply chain attacks and compliance violations.

The primary mitigation is to upgrade all cosign deployments to version 1.5.2 or later, where the vulnerability is patched. Organizations should audit their container signing workflows to ensure no legacy versions of cosign are in use. Additionally, restrict OCI registry permissions rigorously to minimize the number of users or systems with push and pull rights for signatures, reducing the attack surface. Implement monitoring and alerting on unusual signature push or pull activities in the OCI registry. Integrate additional verification steps in CI/CD pipelines, such as cross-checking signatures against multiple transparency logs or using complementary signing tools to detect anomalies. For environments where immediate upgrade is not feasible, consider isolating cosign usage to non-production environments until patched. Finally, educate DevOps and security teams about the importance of verifying signature provenance and the risks of improper certificate validation.