关键信息 CVE-2024-8287 CNA: Canonical Ltd. Published: 2024-09-18 Updated: 2024-09-18 Description Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this. CWE CWE-295: CWE-295 CVSS Score: 7.5 Severity: HIGH Version: 3.1 Vector String: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Product Status Vendor: Canonical Ltd. Product: Anbox Cloud Platforms: Linux Affected Versions Default Status: unknown Affected: versions from 1.17.0 before 1.23.1 Credits Simon Fels (finder, remediation developer) References 1. 2. 3.