CVE-2024-6299
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Conduit Contributors | Conduit | 0 < 0.8.0 | affected |
Weaknesses
- CWE-324: CWE-324: Use of a Key Past its Expiration Date
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.