LOW🇬🇧 English

CVE-2024-6300

CVSS 3.7v3.1pub. 2024-06-25upd. 2024-11-21

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Conduit

    APP
    Conduit
    < 0.8.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-6303CRITICAL9.9PL ✓ten sam produkt

Brak autoryzacji w Conduit API umożliwia privilege escalation

CVE-2024-6302HIGH8.1ten sam produkt

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local ...

CVE-2024-6299MEDIUM4.8ten sam produkt

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has comp...

CVE-2024-6301MEDIUM5.3ten sam produkt

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user ...