Tough
Monthly
During a snapshot rollback, the client incorrectly caches the timestamp metadata. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
During a target rollback, the client fails to detect the rollback for delegated targets. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
During a snapshot rollback, the client incorrectly caches the timestamp metadata. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
During a target rollback, the client fails to detect the rollback for delegated targets. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.
Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.