Description
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.
| Release | Status | Note |
|---|---|---|
| artful | not-affected | 0.1~ds1-1 |
| bionic | not-affected | |
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/xenial | not-affected | 0.1~ds1-1 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 0.1~ds1-1 |
EPSS
CVSS2: 7.5 High
CVSS3: 9.8 Critical