We found results for “”
WS-2022-0305
Good to know:
Date: September 16, 2022
If an attacker is able to control a threshold of keys to insert the same public key more than once with different key IDs into signed, trusted metadata on a TUF repository, then go-tuf clients < 0.3.2 are susceptible to an attack where attackers can cause the same signature from the same public key to be counted more than once against the threshold of signatures because they were mistakenly distinguished due to having different key IDs.
Language: Go
Severity Score
Severity Score
Weakness Type (CWE)
Key Exchange without Entity Authentication
CWE-322Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |