Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-15093
HistoryJul 09, 2020 - 7:15 p.m.

CVE-2020-15093

2020-07-0919:15:11
CWE-347
[email protected]
web.nvd.nist.gov
7

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS

0.002

Percentile

60.7%

JSON

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation.

Affected configurations

Nvd
Node
amazontoughRange<0.7.1rust
VendorProductVersionCPE
amazontough*cpe:2.3:a:amazon:tough:*:*:*:*:*:rust:*:*

Related

osv 6
cve 2
rustsec 1
prion 2
cvelist 2
github 2
veracode 2
nvd 1
osv
osv
Improper uniqueness verification of signature threshold
2020-07-09 12:00:00
Improper verification of signature threshold in tough
2021-08-25 20:56:55
CVE-2020-15093
2020-07-09 19:15:11
cve
cve
CVE-2020-15093
2020-07-09 19:15:11
CVE-2020-6174
2020-02-05 16:15:11
rustsec
rustsec
Improper uniqueness verification of signature threshold
2020-07-09 12:00:00
prion
prion
Information disclosure
2020-07-09 19:15:00
Input validation
2020-02-05 16:15:00
cvelist
cvelist
CVE-2020-15093 Improper verification of signature threshold in tough
2020-07-09 18:45:16
CVE-2020-6174
2020-02-05 15:49:15
github
github
Improper verification of signature threshold in tough
2021-08-25 20:56:55
Incorrect threshold signature computation in TUF
2020-08-21 16:25:26
veracode
veracode
Improper Cryptographic Signature Verification
2020-07-13 05:20:19
Improper Verification Of Cryptographic Signatures
2020-02-06 01:23:06
nvd
nvd
CVE-2020-6174
2020-02-05 16:15:11

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS

0.002

Percentile

60.7%

JSON
Related for NVD:CVE-2020-15093
osv6cve2rustsec1prion2cvelist2github2veracode2nvd1