CVE-2024-6302

HIGH

Conduit <0.6.0 - Privilege Escalation

Title source: llm

Description

Conduit versions v0.6.0 and lower lack privilege checking when processing a redaction. This allows a local user to redact any message from users on the same server, provided that they are able to send redaction events.

Scores

CVSS v3 8.1
EPSS 0.0013
EPSS Percentile 31.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-280
Status published
Products (1)
conduit/conduit < 0.7.0
Published Jun 25, 2024
Tracked Since Feb 18, 2026