Lucene search
GoogleOSV:CVE-2024-6301HistoryJun 25, 2024 - 1:15 p.m.
CVE-2024-6301
2024-06-2513:15:51
Google
osv.dev
1
conduit
federation
origin validation
impersonation
edus
software security
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
6.9
Confidence
High
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs
Related
nvd
nvd
CVE-2024-6301
2024-06-25 13:15:51
cvelist
cvelist
CVE-2024-6301 Origin Validation Error in Conduit
2024-06-25 13:02:20
cve
cve
CVE-2024-6301
2024-06-25 13:15:51
vulnrichment
vulnrichment
CVE-2024-6301 Origin Validation Error in Conduit
2024-06-25 13:02:20
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
6.9
Confidence
High
Related for OSV:CVE-2024-6301