Lucene search

GitLabVULNRICHMENT:CVE-2024-6300

HistoryJun 25, 2024 - 1:02 p.m.

CVE-2024-6300 Incomplete Cleanup in Conduit

2024-06-2513:02:01

CWE-459

GitLab

github.com

incomplete cleanup

conduit

attacker

redaction.

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction

CNA Affected

[
  {
    "vendor": "The Conduit Contributors",
    "product": "Conduit",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "0.8.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

conduit.rs/changelog/#v0-8-0-2024-06-12

gitlab.com/famedly/conduit/-/releases/v0.8.0

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-6300