MEDIUM🇵🇱 Wersja polska

CVE-2024-6299

CVSS 4.8v3.1pub. 2024-06-25upd. 2024-11-21

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  • Conduit

    APP
    Conduit
    < 0.8.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-6303CRITICAL9.9PL ✓ten sam produkt

Brak autoryzacji w Conduit API umożliwia privilege escalation

CVE-2024-6302HIGH8.1ten sam produkt

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local ...

CVE-2024-6301MEDIUM5.3ten sam produkt

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user ...

CVE-2024-6300LOW3.7ten sam produkt

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain string...