Описание
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.
Ссылки
- Vendor Advisory
- Release Notes
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.17.0 (включая) до 1.23.1 (исключая)
cpe:2.3:a:canonical:anbox_cloud:*:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00229
Низкий
7.5 High
CVSS3
Дефекты
CWE-295
CWE-295
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.
EPSS
Процентиль: 45%
0.00229
Низкий
7.5 High
CVSS3
Дефекты
CWE-295
CWE-295