ADVISORIES
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
PATCHED VERSIONS
- >= 0.2.3
DESCRIPTION
Summary
Sigstore::Verifier#verify does not propagate the VerificationFailure
returned by verify_in_toto when the artifact digest does not match
the digest in the in-toto attestation subject. As a result, verification
of DSSE bundles containing in-toto statements returns VerificationSuccess
regardless of whether the artifact matches the attested subject.
Details
In lib/sigstore/verifier.rb, the verify method calls verify_in_toto
(line 176) without capturing or checking its return value:
verify_in_toto(input, in_toto)
When verify_in_toto detects a digest mismatch, it returns a
VerificationFailure object. Because the caller discards this
return value, execution unconditionally falls through to return
VerificationSuccess. This is the only verification sub-check in
the method (out of 12) whose failure is not propagated.
The message_signature code path is not affected.
Impact
An attacker who possesses a valid signed DSSE bundle containing an in-toto attestation for artifact A can present it as a valid attestation for a different artifact B. All other verification checks (DSSE envelope signature, certificate chain, Rekor inclusion, SCTs, policy) pass because they are independent of the artifact content. Only the in-toto subject digest check detects the mismatch, and its result is discarded.
This allows an attacker to bypass artifact-to-attestation binding for
any consumer that relies on Sigstore::Verifier#verify to validate
DSSE/in-toto bundles.
Workarounds
None. Consumers cannot work around this without patching the library.