In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-31T21:00:00
Updated: 2024-08-06T08:43:42.540Z
Reserved: 2018-03-31T00:00:00
Link: CVE-2015-9259
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-03-31T21:29:00.310
Modified: 2024-11-21T02:40:10.810
Link: CVE-2015-9259
Redhat
No data.