📦

notary

Vendor: docker

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 1 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.42% Exploit Prob.

Latest CVE CVE-2015-9259 Mar 31

Security Vulnerability Index

Page 1 / 1

9.8 CVSS

CVE-2015-9259

RCE

In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.

EPSS: 0.49%

Severity: CRITICAL

Mar 31, 2018

7.5 CVSS

CVE-2015-9258

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.

EPSS: 0.34%

Severity: HIGH

Mar 31, 2018

Displaying 2 of 2 Total Entries

Total 1 Sections