CVE-2024-6302 HIGH

CVE-2024-6302: Improper Handling of Insufficient Permissions or Privileges in Conduit

Vendor: The Conduit Contributors
Product: Conduit
Weakness: CWE-280
Published: June 25, 2024
Last update: September 17, 2024

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

Conduit versions v0.6.0 and lower lack privilege checking when processing a redaction, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.

Key dates

02 Disclosure timeline

June 25, 2024: CVE published
September 17, 2024: Record updated