Local User Redaction Vulnerability
CVE-2024-6302

5.5MEDIUM

Key Information:

Vendor: The Conduit Contributors
Status: Conduit
Vendor: CVE Published:; 25 June 2024

🔔 Create The Conduit Contributors Vulnerability Alert

What is CVE-2024-6302?

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.

Affected Version(s)

Conduit 0 < 0.7.0

References

https://gitlab.com/famedly/conduit/-/releases/v0.7.0

https://conduit.rs/changelog/#v0-7-0-2024-04-25

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
Jun 25, 2024

Credit

Timo Kösters for finding the vulnerability, Matthias Ahouansou for patching it