Lucene search

[email protected]NVD:CVE-2024-7383

HistoryAug 05, 2024 - 2:15 p.m.

CVE-2024-7383

2024-08-0514:15:35

CWE-295

[email protected]

web.nvd.nist.gov

libnbd

tls

verification

man-in-the-middle

attack

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

16.3%

JSON

A flaw was found in libnbd. The client did not always correctly verify the NBD server’s certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

References

access.redhat.com/errata/RHSA-2024:6757

access.redhat.com/security/cve/CVE-2024-7383

bugzilla.redhat.com/show_bug.cgi?id=2302865

lists.libguestfs.org/archives/list/[email protected]/message/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2

lists.libguestfs.org/archives/list/[email protected]/thread/ENZY4LHLARA3N4C3JUNLPYUCXHFO7BWQ/

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

16.3%

JSON

Related for NVD:CVE-2024-7383

debiancve1 nessus4 redhatcve1 osv4 cvelist1 cbl_mariner1 redhat1 cve1 vulnrichment1