cvedb.io
CVE-2024-8287
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2024-09-18T19:15:41.073 · Last modified 2026-06-17T08:22:17.633

Summary

Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.

Affected products

canonical — anbox_cloud

Does this affect you?

Add your gear to cvedb and we'll alert you only when canonical ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.