CVE-2020-15163

Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-the-middle attack) culminating in a version which has not been correctly signed to control the trust chain for future updates. This is fixed in version 0.12 and newer.
Configurations

Configuration 1

cpe:2.3:a:linuxfoundation:the_update_framework:*:*:*:*:*:*:*:*

Information

Published : 2020-09-09 06:15

Updated : 2021-11-18 05:45


NVD link : CVE-2020-15163

Mitre link : CVE-2020-15163

Products Affected
No products.
CWE