Lucene search

Redhat.comRH:CVE-2024-7383

HistoryAug 04, 2024 - 4:15 p.m.

CVE-2024-7383

2024-08-0416:15:40

redhat.com

access.redhat.com

libnbd

tls

man-in-the-middle

attack

nbd

server

certificate

verify

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.9

Confidence

Low

JSON

A flaw was found in libnbd. The client did not always correctly verify the NBD server’s certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

References

bugzilla.redhat.com/show_bug.cgi?id=2302865

lists.libguestfs.org/archives/list/[email protected]/message/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2

lists.libguestfs.org/archives/list/[email protected]/thread/ENZY4LHLARA3N4C3JUNLPYUCXHFO7BWQ/

nvd.nist.gov/vuln/detail/CVE-2024-7383

www.cve.org/CVERecord?id=CVE-2024-7383

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.9

Confidence

Low

JSON

Related for RH:CVE-2024-7383