CVE-2024-6299 MEDIUM

CVE-2024-6299: Use of a Key Past its Expiration Date in Conduit

Vendor The Conduit Contributors
Product Conduit
Weakness CWE-324
Published June 25, 2024
Last update August 29, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

Lack of consideration of key expiry when validating signatures in Conduit allows an attacker who has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date.

Key dates

02 Disclosure timeline

June 25, 2024 CVE published
August 29, 2024 Record updated