Lucene search
K

5 matches found

NVD
NVD
added 2026/04/24 8:16 p.m.5 views

CVE-2026-6967

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

7.1CVSS0.00246EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/24 7:44 p.m.6 views

CVE-2026-6968

Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copytarget/linktarget, symlinked parent directories in savetarget, or symlinked...

7.1CVSS5.4AI score0.0052EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.5 views

PT-2026-35079

Name of the Vulnerable Software and Affected Versions awslabs/tough versions prior to 0.22.0 Description Improper verification of cryptographic signature uniqueness in delegated role validation allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a...

7CVSS5.2AI score0.00262EPSS
Exploits0References14
Cvelist
Cvelist
added 2025/03/27 10:22 p.m.20 views

CVE-2025-2886 Terminating targets role delegations are not respected in tough

Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough...

5.7CVSS0.00307EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/27 10:18 p.m.22 views

CVE-2025-2885 Root metadata version not validated in tough

Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure...

5.7CVSS0.00307EPSS
Exploits0References3
Rows per page
Query Builder