Local User Redaction Vulnerability

CVE-2024-6302

5.5MEDIUM

Key Information

Vendor: The Conduit Contributors
Status: Conduit
Vendor: CVE Published:; 25 June 2024

Summary

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.

Affected Version(s)

Conduit < 0.7.0

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved.
Jun 25, 2024
Vulnerability published.
Jun 25, 2024

Collectors

NVD DatabaseMitre Database

Credit

Timo Kösters for finding the vulnerability, Matthias Ahouansou for patching it