CVE-2015-9259

CVE-2015-9259

In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.

Source: CVE-2015-9259

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다