How severe is CVE-2020-15093?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2020-15093?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2020-15093 - HIGH Severity | CVSS 8.6

Vulnerability Description

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation.

Related Vulnerabilities

CVE-2025-27773

HIGH

CVSS:8.6(High)

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An att...

CWE-3472025

CVE-2013-3900

HIGH

CVSS:8.8(High)

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingChe...

CWE-3472013

CVE-2015-3298

HIGH

CVSS:8.8(High)

Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.

CWE-3472015

CVE-2018-16515

HIGH

CVSS:8.8(High)

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

CWE-3472018

CVE-2018-6664

HIGH

CVSS:8.8(High)

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass th...

CWE-3472018

CVE-2019-3465

HIGH

CVSS:8.8(High)

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attac...

CWE-3472019