CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29601
https://notcve.org/view.php?id=CVE-2020-29601
08 Dec 2020 — The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. Las imágenes oficiales de docker notary versiones anteriores a signer-0.6.1-1, contienen una contraseña en blanco para un usuario root. El sistema que utiliza el contenedor de docker notary implementado por las versiones afectadas de la imagen... • https://github.com/koharin/koharin2/blob/main/CVE-2020-29601 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9258
https://notcve.org/view.php?id=CVE-2015-9258
31 Mar 2018 — In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data. En Docker Notary en versiones anteriores a la 0.1, gotuf/signed/verify.go tiene una vulnerabilidad de algoritmo de firma que no coincide con la clave. Dado que un atacante controla el campo ... • https://docs.docker.com/notary/changelog • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9259
https://notcve.org/view.php?id=CVE-2015-9259
31 Mar 2018 — In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. En Docker Notary en versiones anteriores a la 0.1, la función checkRoot en gotuf/client/client.go no comprueba la caducidad de los archivos root.json, pese a un comentario que afirma que sí lo hace. Incluso si u... • https://docs.docker.com/notary/changelog • CWE-434: Unrestricted Upload of File with Dangerous Type •