CVE-2024-8287
CVSS V2 None
CVSS V3 None
Description
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.
Overview
- CVE ID
- CVE-2024-8287
- Assigner
- canonical
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-18T18:35:25.803Z
- Last Modified Date
- 2024-09-18T18:52:28.961Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://discourse.ubuntu.com/t/anbox-cloud-1-23-1-has-been-released/48141 | vendor-advisory |
| https://bugs.launchpad.net/anbox-cloud/+bug/2077570 | issue-tracking |
| https://www.cve.org/CVERecord?id=CVE-2024-8287 | issue-tracking |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8287 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8287 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-06 04:08:08 | Added to TrackCVE |