Vulnerabilities (CVE)

Filtered by vendor Docker Subscribe
Filtered by product Notary
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9259 1 Docker 1 Notary 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.
CVE-2015-9258 1 Docker 1 Notary 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.