In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-31T21:00:00

Updated: 2024-08-06T08:43:42.540Z

Reserved: 2018-03-31T00:00:00

Link: CVE-2015-9259

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-03-31T21:29:00.310

Modified: 2024-11-21T02:40:10.810

Link: CVE-2015-9259

cve-icon Redhat

No data.