Aws Tough
7 CVEs affecting Aws Tough. Latest disclosed: 2026-04-24. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-6968 | Medium | 5.9 | 2026-04-24 | Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside… |
| CVE-2026-6967 | Medium | 5.9 | 2026-04-24 | Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with… |
| CVE-2026-6966 | Medium | 5.3 | 2026-04-24 | Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated user… |
| CVE-2025-2888 | | | 2025-03-27 | During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, th… |
| CVE-2025-2887 | | | 2025-03-27 | During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source… |
| CVE-2025-2886 | | | 2025-03-27 | Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation… |
| CVE-2025-2885 | | | 2025-03-27 | Missing validation of the root metadata version number could allow an actor to supply an arbitrary version number to the client instead of the intended versio… |