Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NConduit
APPConduit< 0.8.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2024-6303CRITICAL9.9PL ✓ten sam produkt
Brak autoryzacji w Conduit API umożliwia privilege escalation
CVE-2024-6302HIGH8.1ten sam produkt
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local ...
CVE-2024-6301MEDIUM5.3ten sam produkt
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user ...
CVE-2024-6300LOW3.7ten sam produkt
Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain string...