CVE-2024-2307 Information

Description

A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories which can expose the build phase to a Man-in-the-Middle attack allowing untrusted code to be installed into an image being built.

Reference

https://access.redhat.com/security/cve/CVE-2024-2307 https://bugzilla.redhat.com/show_bug.cgi?id=2268513