3 matches found
GO-2024-3166 Incorrect delegation lookups can make go-tuf download the wrong artifact in github.com/theupdateframework/go-tuf
Incorrect delegation lookups can make go-tuf download the wrong artifact in github.com/theupdateframework/go-tuf...
notation-go's verification bypass can cause users to verify the wrong artifact
Impact An attacker who controls or compromises a registry can lead a user to verify the wrong artifact. Patches The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Workarounds User should use secure and trusted container...
Nomad Artifact Download Race Condition
Summary Nomad and Nomad Enterprise “Nomad” artifact download functionality had a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. This vulnerability, CVE-2022-24686, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6. Background Nomad uses th...