Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HConduit
APPConduit< 0.7.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2024-6303CRITICAL9.9PL ✓ten sam produkt
Brak autoryzacji w Conduit API umożliwia privilege escalation
CVE-2024-6299MEDIUM4.8ten sam produkt
Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has comp...
CVE-2024-6301MEDIUM5.3ten sam produkt
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user ...
CVE-2024-6300LOW3.7ten sam produkt
Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain string...