Filtered by vendor Docker Subscriptions
Filtered by product Notary Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-9259 1 Docker 1 Notary 2024-11-21 N/A
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.
CVE-2015-9258 1 Docker 1 Notary 2024-11-21 N/A
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.