Tough
Monthly
Path traversal vulnerabilities in AWS Tough (a Rust TUF client library) versions prior to 0.22.0 enable authenticated users with delegated signing privileges to write arbitrary files outside intended repository directories, bypassing incomplete fixes from previous security patches. The flaws exist in three distinct code paths: absolute target names in copy_target/link_target operations, symlinked parent directories in save_target, and symlinked metadata filenames in SignedRole::write. AWS has released patches in tough-v0.22.0 and tuftool-v0.15.0 that implement post-resolution path containment verification. No public exploit code or active exploitation confirmed at time of analysis, though CVSS 7.1 HIGH reflects significant integrity impact when exploited.
Metadata integrity bypass in AWS tough (TUF client library) before v0.22.0 allows authenticated users with delegated signing authority to poison local metadata caches by bypassing expiration, hash, and length validation checks. The vulnerability exists because load_delegations skips specification-mandated integrity checks applied to top-level targets metadata, enabling malicious delegated signers to inject invalid metadata. AWS has released patches in tough-v0.22.0 and tuftool-v0.15.0. CVSS 7.1 reflects network vector but high attack complexity (AT:P indicates specialized conditions). No public exploit or active exploitation confirmed at time of analysis, though authentication bypass tag suggests significant trust boundary violation.
During a snapshot rollback, the client incorrectly caches the timestamp metadata. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
During a target rollback, the client fails to detect the rollback for delegated targets. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Path traversal vulnerabilities in AWS Tough (a Rust TUF client library) versions prior to 0.22.0 enable authenticated users with delegated signing privileges to write arbitrary files outside intended repository directories, bypassing incomplete fixes from previous security patches. The flaws exist in three distinct code paths: absolute target names in copy_target/link_target operations, symlinked parent directories in save_target, and symlinked metadata filenames in SignedRole::write. AWS has released patches in tough-v0.22.0 and tuftool-v0.15.0 that implement post-resolution path containment verification. No public exploit code or active exploitation confirmed at time of analysis, though CVSS 7.1 HIGH reflects significant integrity impact when exploited.
Metadata integrity bypass in AWS tough (TUF client library) before v0.22.0 allows authenticated users with delegated signing authority to poison local metadata caches by bypassing expiration, hash, and length validation checks. The vulnerability exists because load_delegations skips specification-mandated integrity checks applied to top-level targets metadata, enabling malicious delegated signers to inject invalid metadata. AWS has released patches in tough-v0.22.0 and tuftool-v0.15.0. CVSS 7.1 reflects network vector but high attack complexity (AT:P indicates specialized conditions). No public exploit or active exploitation confirmed at time of analysis, though authentication bypass tag suggests significant trust boundary violation.
During a snapshot rollback, the client incorrectly caches the timestamp metadata. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
During a target rollback, the client fails to detect the rollback for delegated targets. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.