MidnightBSD

Advisories for conduit

CVE-2024-6299

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

Products Affected

Vendor Product Version
conduit conduit *
CVE-2024-6300

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
conduit conduit *
CVE-2024-6301

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
conduit conduit *
CVE-2024-6302

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
conduit conduit *
CVE-2024-6303

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the server's key, deactivating users, and more

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
conduit conduit *