QwikSec

Security Database

CVE

CWE

Training

CVE-2015-9259

Published: Mar 31, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://docs.docker.com/notary/changelog/

x_refsource_MISC

https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.