Vulnerabilities > Conduit > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-25 | CVE-2024-6301 | Origin Validation Error vulnerability in Conduit Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs | 7.5 |
| 2024-06-25 | CVE-2024-6303 | Missing Authorization vulnerability in Conduit Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the server's key, deactivating users, and more | 8.8 |