Insecure Keys Management

github.com/google/exposure-notifications-server uses an insecure key management. An attacker can re-publish imported keys before they have expired, allowing for potential replay of RPIs...

Import of incorrectly embargoed keys could cause early publication

Impact If your installation is using the export-importer service, there is potential impact. If your installation is not importing keys via the export-importer services, your installation is not impacted. In versions 0.19.1 and earlier, the export-importer service assumed that the server it was...