CLEANSTART-2026-FK30234

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-FK30234.json
JSON Data
https://api.osv.dev/v1/vulns/CLEANSTART-2026-FK30234
Upstream
  • CVE-2026-34986
  • ghsa-78h2-9frx-2jm8
  • ghsa-f6x5-jh6r-wrfv
  • ghsa-j5w8-q4qc-rx2x
Published
2026-04-30T00:36:57.018431Z
Modified
2026-04-30T05:17:20.269362Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web To...
Details

Multiple security vulnerabilities affect the tekton-pipelines-fips package. Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. See references for individual vulnerability details.

References

Affected packages

CleanStart / tekton-pipelines-fips

Package

Name
tekton-pipelines-fips

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.0-r1

Database specific

source 
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-FK30234.json"