
Cloud Vulnerability DB
A community-led vulnerabilities database
The vulnerability (GHSA-3633-5h82-39pq) affects go-tuf versions prior to 0.3.2 and was discovered and disclosed in September 2022. The issue is improper handling of multiple key IDs for the same public key in attacker-controlled metadata: when validating threshold signatures, the software fails to deduplicate public keys that appear under different key IDs (GitHub Advisory).
The vulnerability occurs when an attacker who controls a threshold of keys inserts the same public key multiple times, under different key IDs, into signed, trusted metadata on a TUF repository. go-tuf clients earlier than 0.3.2 then count the same signature from the same public key once per key ID (for example, the SHA2-256 and SHA2-512 hashes of the same key) against the signature threshold. The issue is tracked as CWE-289 and has been assigned a Low severity rating (GitHub Advisory).
While the potential impact is considered high, the overall severity is rated as low due to specific prerequisites. The vulnerability requires either attackers or the repository (deliberately or mistakenly) to produce an incorrect distribution of public keys that would cause affected clients to accept signatures that haven't met the actual threshold requirements (GitHub Advisory).
The vulnerability has been patched in version 0.3.2 and later releases. For users unable to upgrade, a workaround is available by manually checking for and removing duplicate public keys with different key IDs in all signed metadata on their TUF repositories. The latest TUF specification recommends using only SHA2-256 hashes of public keys to prevent such issues (GitHub Advisory, Go Packages).
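As an added illustration (not code from the advisory or from go-tuf itself), the Go program below models the threshold check with a simplified Ed25519 metadata structure: one key listed under both its SHA2-256 and SHA2-512 key IDs, counted once per key ID (the pre-0.3.2 behaviour) versus once per public key (the 0.3.2 fix). The Metadata and Signature types, CountSigners and DuplicateKeyMetadata are simplified stand-ins, not go-tuf's API.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
)

// Metadata is a simplified signed TUF role (stand-in, not go-tuf's types).
type Metadata struct {
	Keys      map[string]ed25519.PublicKey // key ID -> public key
	Threshold int
	Sigs      []Signature
	Payload   []byte // canonical bytes the signatures cover
}

type Signature struct{ KeyID string; Sig []byte }

// CountSigners dedups on key ID (pre-0.3.2, vulnerable) or on public key bytes (0.3.2 fix).
func CountSigners(m Metadata, byPublicKey bool) int {
	seen := map[string]bool{}
	for _, s := range m.Sigs {
		pub, ok := m.Keys[s.KeyID]
		if !ok || !ed25519.Verify(pub, m.Payload, s.Sig) {
			continue // unknown key ID or bad signature never counts
		}
		if byPublicKey {
			seen[string(pub)] = true // same key under two IDs counts once
		} else {
			seen[s.KeyID] = true // vulnerable: counts once per key ID
		}
	}
	return len(seen)
}

// DuplicateKeyMetadata: one constructed Ed25519 key under its SHA2-256 and SHA2-512 key IDs.
func DuplicateKeyMetadata() Metadata {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	h256, h512 := sha256.Sum256(pub), sha512.Sum512(pub)
	id256, id512 := hex.EncodeToString(h256[:]), hex.EncodeToString(h512[:])
	payload := []byte(`{"_type":"targets","version":1}`) // constructed sample
	sig := ed25519.Sign(priv, payload) // one real signature, attached twice
	return Metadata{
		Keys:      map[string]ed25519.PublicKey{id256: pub, id512: pub},
		Threshold: 2, Payload: payload,
		Sigs:      []Signature{{id256, sig}, {id512, sig}},
	}
}
```

The same by-public-key deduplication is what the workaround performs by hand: listing keys by their raw public key bytes exposes any key that appears under more than one ID.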
Source: This report was generated using AI