Description
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint checks in VerifyLeafCert uses the first non-CA certificate from the PKCS#7 certificate bag instead of the leaf certificate from the verified chain. An attacker can exploit this by prepending a forged certificate to the certificate bag while the message is signed with an authorized key, causing the library to validate the signature against one certificate but perform authorization checks against another. This vulnerability only affects users of the timestamp-authority/v2/pkg/verification package and does not affect the timestamp-authority service itself or sigstore-go. The issue has been fixed in version 2.0.6.
Published: 2026-04-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authorization bypass via forged certificates
Action: Update Patch
AI Analysis

Impact

Sigstore Timestamp Authority implements RFC 3161 timestamp verification, but the VerifyTimestampResponse function only verifies the signature chain and then incorrectly applies TSA‑specific constraints to the first non‑CA certificate in the PKCS#7 bag instead of the leaf certificate of the verified chain. An attacker can prepend a forged certificate to the bag while the signed message remains valid, causing the library to validate the signature against one certificate and apply authorization checks against another. This flaw allows an attacker to bypass authorization checks and potentially obtain timestamp responses that appear legitimately signed by an authorized key.

Affected Systems

The affected product is the sigstore timestamp‑authority service. Versions 2.0.5 and earlier of the timestamp‑authority/v2/pkg/verification package are vulnerable. The issue was fixed in release 2.0.6.

Risk and Exploitability

The CVSS score is 5.5, indicating a moderate severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a crafted PKCS#7 certificate bag to a client that uses VerifyTimestampResponse; the service itself is not vulnerable. Attackers could thus forge timestamp responses that pass verification but bypass the intended authorization checks.

Generated by OpenCVE AI on April 15, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to timestamp‑authority version 2.0.6 or later
  • Ensure that the VerifyTimestampResponse function is only called with certificates that originate from a trusted, validated source
  • If an upgrade is not immediately possible, disable or restrict the use of the VerifyTimestampResponse function in client applications and monitor for unexpected certificate chains

Generated by OpenCVE AI on April 15, 2026 at 01:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-xm5m-wgh2-rrg3 Sigstore Timestamp Authority has Improper Certificate Validation in verifier
History

Wed, 15 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Sigstore
Sigstore timestamp Authority
Vendors & Products Sigstore
Sigstore timestamp Authority

Wed, 15 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint checks in VerifyLeafCert uses the first non-CA certificate from the PKCS#7 certificate bag instead of the leaf certificate from the verified chain. An attacker can exploit this by prepending a forged certificate to the certificate bag while the message is signed with an authorized key, causing the library to validate the signature against one certificate but perform authorization checks against another. This vulnerability only affects users of the timestamp-authority/v2/pkg/verification package and does not affect the timestamp-authority service itself or sigstore-go. The issue has been fixed in version 2.0.6.
Title Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

Subscriptions

Sigstore Timestamp Authority
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-14T23:41:47.909Z

Reserved: 2026-04-08T00:01:47.628Z

Link: CVE-2026-39984

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-15T04:17:40.203

Modified: 2026-04-15T04:17:40.203

Link: CVE-2026-39984

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T13:49:14Z

Weaknesses