Vulnerability CVE-2024-2307


Published: 2024-03-19

Description:
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.

Type:

CWE-347

(Improper Verification of Cryptographic Signature)

 References:
https://access.redhat.com/security/cve/CVE-2024-2307
https://bugzilla.redhat.com/show_bug.cgi?id=2268513

Copyright 2024, cxsecurity.com

 

Back to Top