Lucene search

GitLabCVELIST:CVE-2024-6301

HistoryJun 25, 2024 - 1:02 p.m.

CVE-2024-6301 Origin Validation Error in Conduit

2024-06-2513:02:20

CWE-346

GitLab

www.cve.org

cve-2024-6301

origin validation error

conduit

federation api

remote server

impersonate

user

edus

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

18.6%

JSON

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Conduit",
    "vendor": "The Conduit Contributors",
    "versions": [
      {
        "lessThan": "0.8.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

conduit.rs/changelog/#v0-8-0-2024-06-12

gitlab.com/famedly/conduit/-/releases/v0.8.0

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

18.6%

JSON

Related for CVELIST:CVE-2024-6301