ГлавнаяУязвимости → CVE-2024-8287
7.5высокая

CVE-2024-8287

Описание

Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.

Затрагиваемое ПО
Canonical Anbox cloud
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://bugs.launchpad.net/anbox-cloud/+bug/2077570https://discourse.ubuntu.com/t/anbox-cloud-1-23-1-has-been-released/48141https://www.cve.org/CVERecord?id=CVE-2024-8287