Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| simpestreams_project | simplestreams | - |
| canonical | ubuntu_linux | 15.04 |
| canonical | ubuntu_linux | 14.04 |