CVE-2024-2307
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/03/2024
Last modified:
22/05/2024
Description
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM