History: Jun 25, 2024 - 1:15 p.m.

CVE-2024-6302

2024-06-25 13:15:51
CWE-280
GitLab
web.nvd.nist.gov
privilege checking
conduit
redaction event

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score: 8
Confidence: High

EPSS: 0
Percentile: 9.1%

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.

Affected configurations

Node: conduit conduit, Range: <0.7.0

Vendor    Product    Version    CPE
conduit   conduit    *          cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Conduit",
    "vendor": "The Conduit Contributors",
    "versions": [
      {
        "lessThan": "0.7.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
