GHSA-mhg6-2q2v-9h2c

Source
https://github.com/advisories/GHSA-mhg6-2q2v-9h2c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-mhg6-2q2v-9h2c/GHSA-mhg6-2q2v-9h2c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mhg6-2q2v-9h2c
Aliases
Published
2026-03-11T00:24:42Z
Modified
2026-03-13T05:55:24.846560Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
Details

Summary

Sigstore::Verifier#verify does not propagate the VerificationFailure returned by verify_in_toto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardless of whether the artifact matches the attested subject.

Details

In lib/sigstore/verifier.rb, the verify method calls verify_in_toto (line 176) without capturing or checking its return value:

verify_in_toto(input, in_toto)

When verify_in_toto detects a digest mismatch, it returns a VerificationFailure object. Because the caller discards this return value, execution unconditionally falls through to return VerificationSuccess. This is the only verification sub-check in the method (out of 12) whose failure is not propagated.

The message_signature code path is not affected.
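The unchecked-return pattern described above, as an added Ruby example that is not the sigstore gem's own code: the result classes, the verify_in_toto body and the in-toto statement are simplified stand-ins constructed here, showing the vulnerable caller shape beside the fixed one.

```ruby
require "digest"
require "json"

# Simplified stand-ins for the result objects the advisory names; the real
# gem's classes and Sigstore::Verifier#verify are not reproduced here.
class VerificationSuccess
  def success?; true; end
end
class VerificationFailure
  attr_reader :reason
  def initialize(reason); @reason = reason; end
  def success?; false; end
end

# Constructed inputs: an in-toto statement (the DSSE payload) whose subject
# is artifact A, and a different artifact B that was never attested.
ARTIFACT_A = "release-1.0.tar.gz contents\n"
ARTIFACT_B = "something else entirely\n"
STATEMENT = JSON.generate({
  "_type" => "https://in-toto.io/Statement/v1",
  "subject" => [{ "name" => "release-1.0.tar.gz",
                  "digest" => { "sha256" => Digest::SHA256.hexdigest(ARTIFACT_A) } }],
  "predicateType" => "https://example.invalid/predicate/v1",
  "predicate" => {}
})

# The sub-check: does the artifact's SHA-256 match any subject digest? It
# returns a result object rather than raising, so the caller must check it.
def verify_in_toto(artifact, statement_json)
  digest = Digest::SHA256.hexdigest(artifact)
  subjects = JSON.parse(statement_json).fetch("subject")
  matched = subjects.any? { |s| s.dig("digest", "sha256") == digest }
  return VerificationSuccess.new if matched
  VerificationFailure.new("artifact digest #{digest} not in in-toto subject")
end

# Vulnerable shape (CWE-252): the sub-check's result is discarded, so the
# method falls through to success for artifact B just as for artifact A.
def verify_vulnerable(artifact, statement_json)
  verify_in_toto(artifact, statement_json)
  VerificationSuccess.new
end

# Fixed shape: a VerificationFailure from the sub-check is propagated.
def verify_fixed(artifact, statement_json)
  result = verify_in_toto(artifact, statement_json)
  return result unless result.success?
  VerificationSuccess.new
end
```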

Impact

An attacker who possesses a valid signed DSSE bundle containing an in-toto attestation for artifact A can present it as a valid attestation for a different artifact B. All other verification checks (DSSE envelope signature, certificate chain, Rekor inclusion, SCTs, policy) pass because they are independent of the artifact content. Only the in-toto subject digest check detects the mismatch, and its result is discarded.

This allows an attacker to bypass artifact-to-attestation binding for any consumer that relies on Sigstore::Verifier#verify to validate DSSE/in-toto bundles.

Workarounds

None. Consumers cannot work around this without patching the library.

Database specific
{
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-252"
    ],
    "github_reviewed_at": "2026-03-11T00:24:42Z",
    "nvd_published_at": "2026-03-10T22:16:21Z"
}
References

Affected packages

RubyGems / sigstore

Package

Name
sigstore
Purl
pkg:gem/sigstore

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.2.3

Affected versions

0.*
0.1.1
0.2.0
0.2.1
0.2.2

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-mhg6-2q2v-9h2c/GHSA-mhg6-2q2v-9h2c.json"