CVE-2024-6301

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6301
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://conduit.rs/changelog/#v0-8-0-2024-06-12 Release Notes
https://gitlab.com/famedly/conduit/-/releases/v0.8.0 Release Notes
https://conduit.rs/changelog/#v0-8-0-2024-06-12 Release Notes
https://gitlab.com/famedly/conduit/-/releases/v0.8.0 Release Notes
Configurations

Configuration 1 (hide)

cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*:*
History

21 Nov 2024, 09:49

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 5.3
References () https://conduit.rs/changelog/#v0-8-0-2024-06-12 - Release Notes () https://conduit.rs/changelog/#v0-8-0-2024-06-12 - Release Notes
References () https://gitlab.com/famedly/conduit/-/releases/v0.8.0 - Release Notes () https://gitlab.com/famedly/conduit/-/releases/v0.8.0 - Release Notes

20 Sep 2024, 18:58

Type Values Removed Values Added
CPE cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : 7.5
References () https://conduit.rs/changelog/#v0-8-0-2024-06-12 - () https://conduit.rs/changelog/#v0-8-0-2024-06-12 - Release Notes
References () https://gitlab.com/famedly/conduit/-/releases/v0.8.0 - () https://gitlab.com/famedly/conduit/-/releases/v0.8.0 - Release Notes
Summary
  • (es) Falta de validación de origen en la API de federación en Conduit, lo que permite que cualquier servidor remoto se haga pasar por cualquier usuario de cualquier servidor en la mayoría de las EDU.
First Time Conduit
Conduit conduit

25 Jun 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-25 13:15

Updated : 2024-11-21 09:49

NVD link : CVE-2024-6301

Mitre link : CVE-2024-6301

CVE.ORG link : CVE-2024-6301

JSON object : View

Products Affected

conduit

  • conduit
CWE
CWE-346

Origin Validation Error