Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-6967

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

7.1CVSS5.5AI score0.00246EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 6:46 p.m.5 views

GHSA-4V58-8P28-2RQ3 awslabs/tough is Missing Delegated Metadata Validation

Summary Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/05 6:46 p.m.4 views

EUVD-2026-25628

awslabs/tough is Missing Delegated Metadata Validation...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/05 6:46 p.m.7 views

awslabs/tough is Missing Delegated Metadata Validation

Summary Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References8Affected Software2
NVD
NVD
added 2026/04/24 8:16 p.m.5 views

CVE-2026-6967

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

7.1CVSS0.00246EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/24 7:41 p.m.7 views

CVE-2026-6967

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

7.1CVSS5.3AI score0.00246EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/24 7:41 p.m.3 views

CVE-2026-6967 Missing Delegated Metadata Validation in awslabs/tough

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

7.1CVSS5.3AI score0.00246EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/24 7:41 p.m.34 views

CVE-2026-6967 Missing Delegated Metadata Validation in awslabs/tough

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

7.1CVSS0.00246EPSS
Exploits0References6
CVE
CVE
added 2026/04/24 7:41 p.m.17 views

CVE-2026-6967

Affected software: awslabs/tough (before tough-v0.22.0) with delegated metadata validation. Root cause: missing expiration, hash, and length enforcement in delegated metadata validation causing load_delegations to bypass TUF integrity checks for delegated targets metadata. Impact: remote authenti...

7.1CVSS5.3AI score0.00246EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.3 views

PT-2026-35080

Name of the Vulnerable Software and Affected Versions tough versions prior to 0.22.0 Description Remote authenticated users with delegated signing authority can bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cache. This occurs because the lo...

7.1CVSS5.1AI score0.00246EPSS
Exploits0References13
Rows per page
Query Builder