CVE-2024-6302

EUVD-2024-47419
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
GitLabCNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
conduitconduit
𝑥
< 0.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://conduit.rs/changelog/#v0-7-0-2024-04-25
https://gitlab.com/famedly/conduit/-/releases/v0.7.0
https://conduit.rs/changelog/#v0-7-0-2024-04-25
https://gitlab.com/famedly/conduit/-/releases/v0.7.0