📦 Signserver

A logic error in Keyfactor SignServer container startup resets certificate access controls to 'allowany' on every restart instead of only initial setup. This allows any user with a valid trusted clien...

This vulnerability allows admin users in Keyfactor SignServer to enumerate local files by setting the VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH property to arbitrary paths. When the path points to an existi...

This vulnerability allows administrators in Keyfactor SignServer to write arbitrary files to any directory accessible by the JBoss user. Attackers with admin credentials can overwrite existing files, ...