CVE-2024-8287 Information

Description

Anbox Management Service in versions 1.17.0 through 1.23.0 does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.

Reference

https://discourse.ubuntu.com/t/anbox-cloud-1-23-1-has-been-released/48141 https://bugs.launchpad.net/anbox-cloud/+bug/2077570 https://www.cve.org/CVERecord?id=CVE-2024-8287