Lucene search

[email protected]CVE-2024-6300

HistoryJun 25, 2024 - 1:15 p.m.

CVE-2024-6300

2024-06-2513:15:50

CWE-459

[email protected]

web.nvd.nist.gov

cleanup

redactions

conduit

attacker

strings

pdu

revealing

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction

CNA Affected

[
  {
    "vendor": "The Conduit Contributors",
    "product": "Conduit",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "0.8.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

conduit.rs/changelog/#v0-8-0-2024-06-12

gitlab.com/famedly/conduit/-/releases/v0.8.0

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-6300

cvelist1 vulnrichment1 nvd1