CVE-2024-6301

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6301
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://conduit.rs/changelog/#v0-8-0-2024-06-12 Release Notes
https://gitlab.com/famedly/conduit/-/releases/v0.8.0 Release Notes
Configurations

Configuration 1 (hide)

cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*:*
History

20 Sep 2024, 18:58

Type Values Removed Values Added
CPE cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*:*
Summary
  • (es) Falta de validación de origen en la API de federación en Conduit, lo que permite que cualquier servidor remoto se haga pasar por cualquier usuario de cualquier servidor en la mayoría de las EDU.
First Time Conduit conduit
Conduit
References () https://conduit.rs/changelog/#v0-8-0-2024-06-12 - () https://conduit.rs/changelog/#v0-8-0-2024-06-12 - Release Notes
References () https://gitlab.com/famedly/conduit/-/releases/v0.8.0 - () https://gitlab.com/famedly/conduit/-/releases/v0.8.0 - Release Notes
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : 7.5

25 Jun 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-25 13:15

Updated : 2024-09-20 18:58

NVD link : CVE-2024-6301

Mitre link : CVE-2024-6301

CVE.ORG link : CVE-2024-6301

JSON object : View

Products Affected

conduit

  • conduit
CWE
CWE-346

Origin Validation Error