CVE-2024-2307 - CERT CVE
ID CVE-2024-2307
Sažetak A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.
Reference
CVSS
Base: 6.1
Impact: 5.5
Exploitability:0.6
Pristup
VektorSloženostAutentikacija
LOCAL LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH LOW
CVSS vektor CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
Zadnje važnije ažuriranje 22-05-2024 - 17:16
Objavljeno 19-03-2024 - 17:15