Name of the Vulnerable Software and Affected Versions TUF versions 0.14.0 through 0.15.x

Description The issue concerns the verify root self signed() function, which verifies self-signatures in new root metadata files. This function counted multiple signatures by any new root key towards the new threshold, potentially allowing a single new root key to provide enough signatures to meet the threshold. To exploit this, an attacker must control a new root key, craft a new root metadata file with sufficient signatures, cause old root keys to sign this file, publish it, and cause clients to rotate to it. The estimated number of potentially affected devices is not specified.

Recommendations For TUF versions 0.14.0 through 0.15.x, update to version 0.16.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the verify root self signed() function until a patch is available.