Lucene search
K

5 matches found

OSV
OSV
added 2021/08/25 8:56 p.m.25 views

GHSA-5Q2R-92F9-4M49 Improper verification of signature threshold in tough

Impact The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a...

8.6CVSS9AI score0.01357EPSS
Exploits0References6
OSV
OSV
added 2020/07/09 7:15 p.m.15 views

CVE-2020-15093

The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...

8.6CVSS9.3AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/07/09 7:15 p.m.2 views

CVE-2020-15093

The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...

9.8CVSS8.4AI score0.01357EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2020/07/09 7:15 p.m.18 views

Information disclosure

The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...

5CVSS9AI score0.01357EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/07/09 12:0 p.m.76 views

RUSTSEC-2020-0024 Improper uniqueness verification of signature threshold

The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum...

8.6CVSS9AI score0.01357EPSS
Exploits0References3
Rows per page
Query Builder