CVE-2022-35929: CWE-347: Improper Verification of Cryptographic Signature in sigstore cosign

Medium
Published: Thu Aug 04 2022 (08/04/2022, 18:45:14 UTC)
Source: CVE
Vendor/Project: sigstore
Product: cosign

Description

cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). This can happen when signing with a standard keypair and with "keyless" signing with Fulcio. This vulnerability can be reproduced with the `distroless.dev/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2` image. This image has a `vuln` attestation but not an `spdx` attestation. However, if you run `cosign verify-attestation --type=spdx` on this image, it incorrectly succeeds. This issue has been addressed in version 1.10.1 of cosign. Users are advised to upgrade. There are no known workarounds for this issue.

AI-Powered Analysis

Last updated: 06/21/2025, 23:55:53 UTC

Technical Analysis

CVE-2022-35929 is a vulnerability in the sigstore cosign utility, a tool widely used for container image signing and verification. The flaw exists in versions prior to 1.10.1 and relates to improper verification of cryptographic signatures (CWE-347). Specifically, when using the 'cosign verify-attestation' command with the '--type' flag, the tool incorrectly reports a successful verification if any attestation with a valid signature exists, regardless of whether an attestation of the specified type is present. By default, the '--type' flag is set to 'custom'. This means that if an image has at least one validly signed attestation of any type but none matching the requested type, the verification will falsely succeed. For example, the distroless.dev/static image with a 'vuln' attestation but no 'spdx' attestation will still pass verification when checked with '--type=spdx'. This undermines the integrity guarantees of attestation verification, potentially allowing attackers to bypass security checks that rely on specific attestation types. The vulnerability affects both standard keypair signing and keyless signing with Fulcio. There are no known workarounds, and the issue was fixed in cosign version 1.10.1. No known exploits have been reported in the wild to date.

Potential Impact

For European organizations relying on cosign for container image verification, this vulnerability can create a false sense of security: an image can be accepted as verified for a specific attestation type that it does not carry at all. This undermines supply chain security, since a potentially malicious or non-compliant container image can be deployed to production on the strength of a check that never inspected the required attestation. Confidentiality, integrity, and availability are affected indirectly, because unverified or improperly verified images may run and may contain vulnerabilities or malicious code. Sectors with high reliance on containerized applications, such as finance, healthcare, and critical infrastructure, may face increased risk of supply chain attacks or compliance violations. Exploitation does not require user interaction beyond running the verification command, but it does require the attacker to have control or influence over the attestation metadata. While no active exploits are known, the widespread adoption of cosign in cloud-native environments in Europe increases the potential attack surface. The risk is heightened in environments where strict attestation type verification is critical for regulatory compliance or security policies.

Mitigation Recommendations

The primary mitigation is to upgrade cosign to version 1.10.1 or later, where the vulnerability is fixed. Organizations should audit their container signing and verification workflows to ensure they are not relying on vulnerable versions. Additionally, implement strict policy enforcement that does not solely depend on cosign's attestation verification but also includes secondary validation mechanisms such as manual attestation type checks or integration with complementary security tools. Monitoring and logging of attestation verification results should be enhanced to detect anomalies or unexpected verification successes. For environments using keyless signing with Fulcio, ensure that the signing infrastructure is secured and that attestation metadata is protected from tampering. Finally, organizations should consider isolating critical workloads and applying defense-in-depth strategies to minimize the impact of potentially unverified container images.
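The secondary attestation type check recommended above, as an added Go example that is not code from the cosign project: it parses the envelopes that `cosign verify-attestation` prints and confirms that one of the verified attestations actually carries the requested predicate type, which is exactly the check the vulnerable versions skipped in the scenario from the description. Assumptions: cosign prints one DSSE envelope JSON object per line with a base64 `payload` holding the in-toto statement, and the vuln predicate URI in the constructed sample is the one cosign uses for `--type=vuln`.

```go
package main

import (
	"bufio"
	"encoding/base64"
	"encoding/json"
	"strings"
)

// verifiedTypes parses the DSSE envelopes `cosign verify-attestation` prints (one JSON
// object per line, per verified attestation) and collects each in-toto statement's predicateType.
func verifiedTypes(output string) (map[string]bool, error) {
	types := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(output))
	for sc.Scan() {
		var env struct {
			Payload string `json:"payload"`
		}
		if err := json.Unmarshal(sc.Bytes(), &env); err != nil {
			return nil, err // not a DSSE envelope line
		}
		raw, err := base64.StdEncoding.DecodeString(env.Payload)
		if err != nil {
			return nil, err // payload is not valid base64
		}
		var st struct {
			PredicateType string `json:"predicateType"`
		}
		if err := json.Unmarshal(raw, &st); err != nil {
			return nil, err // payload is not an in-toto statement
		}
		types[st.PredicateType] = true
	}
	return types, sc.Err()
}

// hasAttestationOfType is the check the 1.10.1 fix restores: pass only when a
// verified envelope carries the predicate URI the policy requires.
func hasAttestationOfType(output, wantURI string) (bool, error) {
	types, err := verifiedTypes(output)
	return types[wantURI], err
}

// sampleOutput is constructed stand-in output for an image carrying only a validly signed
// vuln attestation, like the advisory's distroless example (assumed vuln predicate URI).
func sampleOutput() string {
	st := `{"_type":"https://in-toto.io/Statement/v0.1","predicateType":"https://cosign.sigstore.dev/attestation/vuln/v1","subject":[],"predicate":{}}`
	b, _ := json.Marshal(map[string]string{"payload": base64.StdEncoding.EncodeToString([]byte(st))})
	return string(b) + "\n"
}
```

Run `hasAttestationOfType` over the real command output with the predicate URI your policy demands; a pass from cosign alone is not enough on affected versions.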

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-07-15T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9849c4522896dcbf67b2

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 6/21/2025, 11:55:53 PM

Last updated: 8/17/2025, 6:57:18 PM
