CVE-2024-6302

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
GitLabCNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
conduitconduit
𝑥
< 0.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://conduit.rs/changelog/#v0-7-0-2024-04-25
https://gitlab.com/famedly/conduit/-/releases/v0.7.0
https://conduit.rs/changelog/#v0-7-0-2024-04-25
https://gitlab.com/famedly/conduit/-/releases/v0.7.0