2 matches found
CVE-2015-9258
CVE-2015-9258 concerns Docker Notary prior to 0.1. The vulnerability lies in gotuf/signed/verify.go where the Signature Algorithm Not Matched to Key allows an attacker who controls the signature-algorithm field to forge a signature by forcing RSA-PSS key data to be interpreted as Ed25519 elliptic...
CVE-2015-9259
CVE-2015-9259 affects Docker Notary prior to 0.1. The vulnerability is in the checkRoot function in gotuf/client/client.go, which does not verify the expiry of root.json files as documented. As a result, even if a new root.json is deployed after a key is compromised, an attacker can craft update ...