CVE-2024-6301

{"id": "CVE-2024-6301", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-06-25T13:15:51.077", "references": [{"url": "https://conduit.rs/changelog/#v0-8-0-2024-06-12", "tags": ["Release Notes"], "source": "cve@gitlab.com"}, {"url": "https://gitlab.com/famedly/conduit/-/releases/v0.8.0", "tags": ["Release Notes"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-346"}]}, {"type": "Secondary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs"}, {"lang": "es", "value": "Falta de validaci\u00f3n de origen en la API de federaci\u00f3n en Conduit, lo que permite que cualquier servidor remoto se haga pasar por cualquier usuario de cualquier servidor en la mayor\u00eda de las EDU."}], "lastModified": "2024-09-20T18:58:43.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A42037C-F568-4862-BEE1-FCE796E55CD1", "versionEndExcluding": "0.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}