CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2024-6303

CVSS 9.9v3.1pub. 2024-06-25upd. 2024-11-21

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the server's key, deactivating users, and more

πŸ€– AI Analysis
How it works

An attacker with access to the Conduit server can remove and add room aliases without proper authorization. By moving the #admins alias to a room they control, they gain access to privileged administrative commands. This allows them to, among other things, reset passwords of other users, sign data with the server key, deactivate user accounts, and perform other operations reserved for administrators.

Impact

An attacker can obtain full administrative privileges on the Conduit server, enabling them to take over user accounts, sign data using the server key, and deactivate any accounts β€” leading to compromise of the entire instance.

Mitigation & patch

Conduit should be updated to version 0.8.0 or newer, released on June 12, 2024, which contains the fix for this vulnerability. Details are available in the vendor's references: https://conduit.rs/changelog/#v0-8-0-2024-06-12

Who is affected

Conduit in versions 0.7.0 and earlier

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Conduit

    APP
    Conduit
    < 0.8.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2024-6302HIGH8.1ten sam produkt

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local ...

CVE-2024-6299MEDIUM4.8ten sam produkt

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has comp...

CVE-2024-6301MEDIUM5.3ten sam produkt

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user ...

CVE-2024-6300LOW3.7ten sam produkt

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain string...

CVE-2024-6303 β€” Conduit β€” CRITICAL β€” CVSS 9.9 | CVEbaza.pl