Medium severity 6.1 · NVD Advisory · Published Mar 19, 2024 · Updated Apr 15, 2026
CVE-2024-2307
Description
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.
Affected products
- (no CPE)
- (no CPE)
- osv-coords (3 versions): pkg:rpm/almalinux/osbuild-composer, pkg:rpm/almalinux/osbuild-composer-core, pkg:rpm/almalinux/osbuild-composer-worker; range: < 101-1.el9.alma.1 (+ 2 more)
- (no CPE), range: < 101-1.el9.alma.1
- (no CPE), range: < 101-1.el9.alma.1
- (no CPE), range: < 101-1.el9.alma.1
References: 4
News mentions: 0 (no linked articles in our index yet)