CVE-2024-6301

Summary

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs

Affected Software

VendorProductVersion RangeStatus
The Conduit ContributorsConduit0 < 0.8.0affected

Weaknesses

  • CWE-346: CWE-346: Origin Validation Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References