Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-8287

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Anbox Management Service, in versions 1.17.0 through 1.23.0, does not …

Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.

References

https://discourse.ubuntu.com/t/anbox-cloud-1-23-1-has-been-released/48141 vendor-advisory
https://bugs.launchpad.net/anbox-cloud/+bug/2077570 issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-8287 issue-tracking
https://discourse.ubuntu.com/t/anbox-cloud-1-23-1-has-been-released/48141 vendor-advisory
https://bugs.launchpad.net/anbox-cloud/+bug/2077570 issue-tracking
https://www.cve.org/CVERecord?id=CVE-2024-8287 issue-tracking

Affected products

anbox

<1.23.1

anbox_cloud

<1.23.1

Matching in nixpkgs

pkgs.fanbox-dl

Pixiv FANBOX Downloader

nixos-unstable -
- nixpkgs-unstable 0.28.0

Package maintainers

@moni-dz moni <lythe1107@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.fanbox-dl

Package maintainers