Vulnerabilities > CVE-2024-6299 - Unspecified vulnerability in Conduit

CVSS 3.7 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

high complexity

conduit

NVD

Published: 2024-06-25

Updated: 2024-09-20

Summary

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date

Vulnerable Configurations

Part	Description	Count
Application	Conduit Conduit Conduit *	1

References

https://gitlab.com/famedly/conduit/-/releases/v0.8.0
https://conduit.rs/changelog/#v0-8-0-2024-06-12