Lucene search

GitLabCVELIST:CVE-2024-6300

HistoryJun 25, 2024 - 1:02 p.m.

CVE-2024-6300 Incomplete Cleanup in Conduit

2024-06-2513:02:01

CWE-459

GitLab

www.cve.org

conduit

incomplete cleanup

redaction

attack vector

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction

CNA Affected

[
  {
    "vendor": "The Conduit Contributors",
    "product": "Conduit",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "0.8.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

conduit.rs/changelog/#v0-8-0-2024-06-12

gitlab.com/famedly/conduit/-/releases/v0.8.0

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-6300