Security Advisory

CVE-2024-2307

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-19 16:16:31

Last updated 2026-02-25 19:22:53

Assigner redhat

State PUBLISHED

Description

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.

← Browse all CVEs View on cve.org ↗