CVE-2024-6301

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs.

Configurations

Configuration 1

cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:49

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : 7.5 | v2 : unknown, v3 : 5.3
References | https://conduit.rs/changelog/#v0-8-0-2024-06-12 - Release Notes | https://conduit.rs/changelog/#v0-8-0-2024-06-12 - Release Notes
References | https://gitlab.com/famedly/conduit/-/releases/v0.8.0 - Release Notes | https://gitlab.com/famedly/conduit/-/releases/v0.8.0 - Release Notes

20 Sep 2024, 18:58

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*:*
CVSS | v2 : unknown, v3 : 5.3 | v2 : unknown, v3 : 7.5
Summary | | (es) Lack of validation of origin in the federation API in Conduit, which allows any remote server to impersonate any user from any server in most EDUs.
References | https://conduit.rs/changelog/#v0-8-0-2024-06-12 - | https://conduit.rs/changelog/#v0-8-0-2024-06-12 - Release Notes
References | https://gitlab.com/famedly/conduit/-/releases/v0.8.0 - | https://gitlab.com/famedly/conduit/-/releases/v0.8.0 - Release Notes
First Time | | Conduit conduit; Conduit

25 Jun 2024, 13:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-06-25 13:15

Updated : 2024-11-21 09:49


NVD link : CVE-2024-6301

Mitre link : CVE-2024-6301

CVE.ORG link : CVE-2024-6301


Products Affected

conduit

  • conduit

CWE

CWE-346: Origin Validation Error