CVE-2024-6300 LOW

CVE-2024-6300: Incomplete Cleanup in Conduit

Vendor The Conduit Contributors
Product Conduit
Weakness CWE-459
Published June 25, 2024
Last update August 29, 2024

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction

Key dates

02Disclosure timeline

June 25, 2024 CVE published
August 29, 2024 Record updated