Unvalidated Server Impersonation Vulnerability in Conduit Federation API
CVE-2024-6301

7.5HIGH

Key Information:

Vendor: The Conduit Contributors
Status: Conduit
Vendor: CVE Published:; 25 June 2024

🔔 Create The Conduit Contributors Vulnerability Alert

What is CVE-2024-6301?

The vulnerability in Conduit arises from inadequate validation of the origin in its federation API. This flaw permits any remote server to impersonate users from various servers, particularly impacting educational institutions. Due to this lack of origin verification, an attacker can potentially act as any user, compromising the integrity and security of communications within the affected systems. It is crucial for users and administrators to assess their exposure to this vulnerability and implement necessary protective measures as outlined in the recent release notes.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Conduit 0 < 0.8.0

References

https://gitlab.com/famedly/conduit/-/releases/v0.8.0

https://conduit.rs/changelog/#v0-8-0-2024-06-12

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
Jun 25, 2024

Credit

Matthias Ahouansou for finding and patching the vulnerability

JSON

The Conduit Contributors

What is CVE-2024-6301?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.