Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Docker Notary 安全漏洞
Vulnerability Description
Docker Notary是美国Docker公司的一套用于发布和管理可信内容集合的工具。 Docker Notary 0.1之前版本中的checkRoot function in gotuf/client/client.go文件存在安全漏洞,该漏洞源于程序没有检测root.json文件的失效日期。攻击者可利用该漏洞创建指向之前root.json文件的更新文件。
CVSS Information
N/A
Vulnerability Type
N/A