
Fwupd – S3 bucket takeover and CVE-2020-10759 signature verification bypass - pentestercrab
https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md
======
pentestercrab
From TFA: These vulnerabilities would have allowed an attacker who claimed the
S3 bucket to offer malicious firmware updates to Linux desktops and servers
running legacy versions of fwupd.

Some extra discussion can be found in a Twitter thread[0] from the person who
discovered the issues.

[0] https://twitter.com/justinsteven/status/1270113960021209088

