## This update for cosign fixes the following issues:

* CVE-2024-6104: cosign: hashicorp/go-retryablehttp: Fixed sensitive information disclosure to log file (bsc#1227031)
* CVE-2024-51744: cosign: github.com/golang-jwt/jwt/v4: Fixed bad documentation of error handling in ParseWithClaims leading to potentially dangerous situations (bsc#1232985)
* CVE-2025-27144: cosign: github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's Parsing (bsc#1237682)
* CVE-2025-22870: cosign: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238693)
* CVE-2025-22868: cosign: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239204)

* bsc#1227031
* bsc#1232985
* bsc#1237682
* bsc#1238693
* bsc#1239204
* bsc#1239337
* jsc#SLE-23476
Cross-
* CVE-2024-51744
* CVE-2024-6104
* CVE-2025-22868
* CVE-2025-22869
* CVE-2025-22870
* CVE-2025-27144
CVSS scores:
* CVE-2024-51744 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-51744 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-51744 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N