A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-03-19T16:16:31.902Z
Updated: 2024-09-16T13:00:32.050Z
Reserved: 2024-03-07T21:19:24.246Z
Link: CVE-2024-2307
Vulnrichment
Updated: 2024-08-01T19:11:52.858Z
NVD
Status : Awaiting Analysis
Published: 2024-03-19T17:15:12.520
Modified: 2024-05-22T17:16:14.610
Link: CVE-2024-2307
Redhat