Lucene search
K

4 matches found

OSV
OSV
added 2026/05/05 6:46 p.m.6 views

GHSA-8M7C-8M39-RV4X awslabs/tough Delegated Roles have a Signature Threshold Bypass

Summary Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegate...

7CVSS5.8AI score0.00262EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/05 6:46 p.m.10 views

awslabs/tough Delegated Roles have a Signature Threshold Bypass

Summary Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegate...

7CVSS5.8AI score0.00262EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2026/04/24 7:44 p.m.33 views

CVE-2026-6968 Multiple Path Traversal Variants in awslabs/tough

Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copytarget/linktarget, symlinked parent directories in savetarget, or symlinked...

7.1CVSS0.0052EPSS
Exploits0References6
OSV
OSV
added 2026/04/24 7:41 p.m.3 views

CVE-2026-6967 Missing Delegated Metadata Validation in awslabs/tough

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

7.1CVSS6AI score0.00246EPSS
Exploits0References8
Rows per page
Query Builder