fix(deps): update module github.com/sigstore/fulcio to v1.8.5 [security] #887

Open

renovate-bot wants to merge 1 commit into slsa-framework:main from renovate-bot:renovate/go-github.com-sigstore-fulcio-vulnerability

Conversation

@renovate-bot renovate-bot commented Apr 1, 2026

This PR contains the following updates:

Package                      Change
github.com/sigstore/fulcio   v1.6.5 -> v1.8.5

Fulcio allocates excessive memory during token parsing

CVE-2025-66506 / GHSA-f83f-xpx7-ffpw

Function identity.extractIssuerURL currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods.

As a result, in the face of a malicious request with an (invalid) OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification)
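The allocation behaviour described above, as an added example that is not fulcio's code: two hypothetical token splitters, one using strings.Split as the advisory describes and one using strings.SplitN with a fixed part count, plus a helper that reports how many string headers each produces for a given input. The function names (splitUnbounded, splitBounded, allocatedHeaders) and the sample tokens are constructed for this note.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Hypothetical parsers written for this note; they are not fulcio's code.
// A JWT is header.payload.signature, so a well-formed token has exactly
// two periods. Each element of the slice returned by strings.Split is a
// string header (16 bytes on 64-bit), which is the constant factor the
// advisory refers to.

// splitUnbounded mirrors the weakness described in the advisory: the
// number of slice elements grows with the number of periods in the input,
// and all of them are allocated before the length check runs.
func splitUnbounded(token string) ([]string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	return parts, nil
}

// splitBounded caps the work at four pieces: if a fourth piece exists the
// token is malformed, and no further splitting or allocation happens,
// however many periods the sender supplies.
func splitBounded(token string) ([]string, error) {
	parts := strings.SplitN(token, ".", 4)
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	return parts, nil
}

// allocatedHeaders reports how many string headers each strategy produces
// for a given input: (unbounded, bounded).
func allocatedHeaders(token string) (unbounded, bounded int) {
	return len(strings.Split(token, ".")), len(strings.SplitN(token, ".", 4))
}

func main() {
	// Constructed inputs: one plausible token shape and one made only of periods.
	good := "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tIn0.sig"
	hostile := strings.Repeat(".", 1<<16)
	for _, tok := range []string{good, hostile} {
		u, b := allocatedHeaders(tok)
		fmt.Printf("len=%d unbounded_headers=%d bounded_headers=%d\n", len(tok), u, b)
	}
	if _, err := splitUnbounded(hostile); err != nil {
		fmt.Println("unbounded:", err)
	}
	if _, err := splitBounded(hostile); err != nil {
		fmt.Println("bounded:", err)
	}
}
```

Both splitters reject the hostile input, but only the bounded one does so without first materialising one string header per period; the design choice is to let the expected shape of the data (three parts) bound the work before any untrusted-length-dependent allocation happens.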

Details
See identity.extractIssuerURL

Impact
Excessive memory allocation

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

CVE-2026-22772 / GHSA-59jp-pj84-45mr

Security Disclosure: SSRF via MetaIssuer Regex Bypass
Summary

Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services.

Since the SSRF can only trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller, so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through blind SSRF.

Impact
  • SSRF to cloud metadata (169.254.169.254)
  • SSRF to internal Kubernetes APIs
  • SSRF to any service accessible from Fulcio's network
  • Affects ALL deployments using MetaIssuers
Patches

Upgrade to v1.8.5.

Workarounds

None. If anchors are included in the meta issuer configuration URL, they will be escaped before the regular expression is compiled, so this is not a sufficient mitigation. Deployments must upgrade to the latest Fulcio release v1.8.5.

Affected Code

File: pkg/config/config.go
Function: metaRegex() (lines 143-156)

func metaRegex(issuer string) (*regexp.Regexp, error) {
    quoted := regexp.QuoteMeta(issuer)
    replaced := strings.ReplaceAll(quoted, regexp.QuoteMeta("*"), "[-_a-zA-Z0-9]+")
    return regexp.Compile(replaced)  // Missing ^ and $ anchors
}
The Bug

The regex has no ^ (start) or $ (end) anchors. Go's regexp.MatchString() does substring matching, so:

Pattern:  https://oidc.eks.*.amazonaws.com/id/*
Regex:    https://oidc\.eks\.[-_a-zA-Z0-9]+\.amazonaws\.com/id/[-_a-zA-Z0-9]+

Input:    https://attacker.com/x/https://oidc.eks.foo.amazonaws.com/id/bar
Result:   MATCHES (substring found)
Exploit
  1. Attacker sends JWT with iss claim: https://attacker.com/path/https://oidc.eks.x.amazonaws.com/id/y
  2. Fulcio's GetIssuer() matches this against MetaIssuer patterns
  3. Unanchored regex matches the embedded pattern as substring
  4. Fulcio calls oidc.NewProvider() with attacker's URL
  5. HTTP request goes to attacker.com, not amazonaws.com
  6. Attacker returns OIDC discovery with jwks_uri pointing to internal service
  7. Fulcio fetches from internal service → SSRF
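The regex behaviour described above, as an added example that is not fulcio's code: the pattern construction quoted from the advisory, beside a hardened form that wraps the same construction in ^ and $ (written for this note; it is not necessarily the upstream fix), and a helper that runs one issuer string through both. The function names metaRegexUnanchored, metaRegexAnchored and matches are assumptions; the pattern and the embedded-issuer input are the ones given in the advisory. The block also shows why anchors placed in the configuration string do not help: regexp.QuoteMeta turns them into literal characters.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// metaRegexUnanchored reproduces the construction quoted in the advisory:
// the issuer glob is quoted, each "*" becomes a character class, and the
// result is compiled with no ^ or $, so it matches anywhere in the input.
func metaRegexUnanchored(issuer string) (*regexp.Regexp, error) {
	quoted := regexp.QuoteMeta(issuer)
	replaced := strings.ReplaceAll(quoted, regexp.QuoteMeta("*"), "[-_a-zA-Z0-9]+")
	return regexp.Compile(replaced)
}

// metaRegexAnchored is a hardened form written for this note (not fulcio's
// fix): the same construction wrapped in ^...$, so the whole issuer string
// has to match the template, which is what the validation intended.
func metaRegexAnchored(issuer string) (*regexp.Regexp, error) {
	quoted := regexp.QuoteMeta(issuer)
	replaced := strings.ReplaceAll(quoted, regexp.QuoteMeta("*"), "[-_a-zA-Z0-9]+")
	return regexp.Compile("^" + replaced + "$")
}

// matches reports whether iss is accepted by pattern under both
// constructions: (unanchored, anchored).
func matches(pattern, iss string) (bool, bool, error) {
	u, err := metaRegexUnanchored(pattern)
	if err != nil {
		return false, false, err
	}
	a, err := metaRegexAnchored(pattern)
	if err != nil {
		return false, false, err
	}
	return u.MatchString(iss), a.MatchString(iss), nil
}

func main() {
	pattern := "https://oidc.eks.*.amazonaws.com/id/*"
	for _, iss := range []string{
		"https://oidc.eks.foo.amazonaws.com/id/bar",                        // legitimate issuer
		"https://attacker.com/x/https://oidc.eks.foo.amazonaws.com/id/bar", // embedded issuer from the advisory
		"https://oidc.eks.foo.amazonaws.com/id/bar/extra",                  // trailing data
	} {
		u, a, err := matches(pattern, iss)
		if err != nil {
			panic(err)
		}
		fmt.Printf("unanchored=%-5v anchored=%-5v %s\n", u, a, iss)
	}
	// The workaround the advisory rules out: anchors written into the config
	// string are escaped by QuoteMeta and become literal "^" and "$", so even
	// the legitimate issuer no longer matches.
	u, a, _ := matches("^"+pattern+"$", "https://oidc.eks.foo.amazonaws.com/id/bar")
	fmt.Printf("config-level anchors: unanchored=%v anchored=%v\n", u, a)
}
```

The detection-relevant point is the second input: a single unanchored MatchString accepts an iss whose host is not the expected one at all, while the anchored form rejects it along with any trailing path data. Anchoring has to happen after quoting, in code, not in the configured URL.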

Severity

  • CVSS Score: 5.8 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

sigstore/fulcio (github.com/sigstore/fulcio)

v1.8.5

Compare Source

Vulnerability Fixes

v1.8.4

Compare Source

Same changelog as v1.8.3, with a few dependency bumps to resolve a breaking API change

v1.8.3

Compare Source

Vulnerability Fixes

Features

  • feat: Add support for skipping email_verified claim requirement per issuer (#​2220)
  • add meta-issuer circleci block (#​2215)
  • add circleci info to fulcio (#​2192)

Testing

v1.8.2

Compare Source

Testing

  • make email address in test cases rfc822 conformant (#​2205)

v1.8.1

Compare Source

Same as v1.8.0, but with a fix for the CI build pipeline.

v1.8.0

Compare Source

Bug Fixes

  • fix: K8s API does not accept unauthorized requests (#​2111)
  • fix: vault for enterprise expects only the key name (#​2117)
  • fix(config): respect cacert on oidc-issuers (#​2098)
  • Register /healthz endpoint when listening on duplex http/grpc port (#​2046)

Features

  • feat: adds cert loading and key-match validation. (#​2173)
  • expose gcp kms retry and timeout options (#​2132)
  • server: Use warning log level for client errors (#​2147)
  • Add workflow to periodically validate OIDC issuers (#​2188)
  • Add Chainguard issuer (#​2078)
  • Add logging for template error (#​2194)
  • Add extension for deployment environment (#​2190)

Removal

  • Remove cmd/create_tink_keyset (#​2096)

v1.7.1

Compare Source

v1.7.1 contains a bug fix for extensions for CI providers where the OIDC claims
include HTML escape characters. If a client attempted to verify an extension value,
verification would fail unless an HTML-escaped string was used in the comparison.
Extension values will no longer be escaped.

Bug Fixes

  • Do not HTML-escape extension values (#​2023)

v1.7.0

Compare Source

v1.7.0 includes a change to how proof of possession signatures are verified.
Fulcio has updated the expected hashing algorithm for ECDSA P-384 and P-521
signatures to be SHA-384 and SHA-512, in line with CSR signature verification.
Cosign is actively being updated to support this for when signing with a
managed key and requesting a certificate.

Features

  • Allow configurable client signing algorithms (#​1938)
  • Use different hash in proof of possession based on key (#​1959)
  • Tls verification on OIDC issuers (#​1932)
  • feat: adds cert-utility. (#​1870)
  • feat: makes leaf optional and other changes. (#​1931)

Bug Fixes

  • Remove err impossible condition: nil != nil (#​1934)
  • mark principal and issuer class under pkg/identity as deprecated (#​1980)

Contributors

  • Carlos Tadeu Panato Junior
  • Hayden B
  • ian hundere
  • Praful Khanduri
  • Ramon Petgrave
  • Riccardo Schirone
  • Sujal Gupta

v1.6.6

Compare Source

Features

  • Configure additional certificate extensions for Buildkite (#​1903)
  • Relax gomod (#​1909)
  • update builder to use go1.23.4 (#​1883)
  • config: Add IBM OIDC provider (#​1892)
  • Add Kaggle identity provider (#​1850)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Hayden B
  • James Healy
  • Stefan Berger
  • Trishank Karthik Kuppusamy

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 4am"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 40 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.23.2 -> 1.25.0
github.com/google/go-cmp v0.6.0 -> v0.7.0
github.com/google/trillian v1.7.1 -> v1.7.2
github.com/secure-systems-lab/go-securesystemslib v0.9.0 -> v0.9.1
github.com/sigstore/sigstore v1.8.12 -> v1.10.3
github.com/google/go-containerregistry v0.20.3 -> v0.20.7
github.com/spf13/cobra v1.8.1 -> v1.10.2
golang.org/x/mod v0.25.0 -> v0.30.0
sigs.k8s.io/release-utils v0.9.0 -> v0.12.2
github.com/sagikazarmark/locafero v0.4.0 -> v0.7.0
go.opentelemetry.io/auto/sdk v1.1.0 -> v1.2.1
go.opentelemetry.io/otel/metric v1.33.0 -> v1.38.0
google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 -> v0.0.0-20251222181119-0a764e51fe1b
google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d -> v0.0.0-20251222181119-0a764e51fe1b
github.com/containerd/stargz-snapshotter/estargz v0.16.3 -> v0.18.1
github.com/docker/cli v27.5.0+incompatible -> v29.0.3+incompatible
github.com/docker/docker-credential-helpers v0.8.2 -> v0.9.3
github.com/fsnotify/fsnotify v1.7.0 -> v1.9.0
github.com/go-logr/logr v1.4.2 -> v1.4.3
github.com/google/certificate-transparency-go v1.2.1 -> v1.3.2
github.com/hashicorp/go-retryablehttp v0.7.7 -> v0.7.8
github.com/klauspost/compress v1.17.11 -> v1.18.1
github.com/opencontainers/image-spec v1.1.0 -> v1.1.1
github.com/pelletier/go-toml/v2 v2.2.2 -> v2.2.3
github.com/sigstore/protobuf-specs v0.3.3 -> v0.5.0
github.com/spf13/afero v1.11.0 -> v1.12.0
github.com/spf13/cast v1.7.0 -> v1.7.1
github.com/spf13/pflag v1.0.5 -> v1.0.10
github.com/spf13/viper v1.19.0 -> v1.20.1
github.com/vbatts/tar-split v0.11.6 -> v0.12.2
go.opentelemetry.io/otel v1.33.0 -> v1.38.0
go.opentelemetry.io/otel/trace v1.33.0 -> v1.38.0
go.uber.org/zap v1.27.0 -> v1.27.1
golang.org/x/crypto v0.36.0 -> v0.46.0
golang.org/x/net v0.38.0 -> v0.48.0
golang.org/x/sync v0.15.0 -> v0.19.0
golang.org/x/sys v0.31.0 -> v0.39.0
golang.org/x/term v0.30.0 -> v0.38.0
golang.org/x/text v0.23.0 -> v0.32.0
google.golang.org/grpc v1.69.4 -> v1.78.0
google.golang.org/protobuf v1.36.3 -> v1.36.11

@renovate-bot renovate-bot requested a review from a team as a code owner April 1, 2026 01:55