Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-64jx-m9pq-gr8c

Опубликовано: 19 мар. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 6.1

Описание

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.

EPSS

Процентиль: 0%
0.00008
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-347

Связанные уязвимости

CVSS3: 6.1
redhat
больше 1 года назад

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.

CVSS3: 6.1
nvd
больше 1 года назад

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.

rocky
около 1 года назад

Moderate: Image builder components bug fix, enhancement and security update

oracle-oval
около 1 года назад

ELSA-2024-2961: Image builder components bug fix, enhancement and security update (MODERATE)

oracle-oval
больше 1 года назад

ELSA-2024-2119: Image builder components bug fix, enhancement and security update (MODERATE)

EPSS

Процентиль: 0%
0.00008
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-347