CVSS 3.1 Score 6.1 of 10 (medium)


Published Mar 19, 2024
Updated: Mar 20, 2024
CWE ID 347


CVE-2024-2307 is a vulnerability found in osbuild-composer, which can disable GPG verification for package repositories. This flaw exposes the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. The vulnerability has a base severity rating of MEDIUM with a base score of 6.1 according to It requires high privileges and user interaction to exploit and has a low attack complexity. The potential impact includes high integrity and confidentiality impacts, with low availability impact. Remediation measures are not provided in the given information.
