CVE-2024-6301
5.3MEDIUMLack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs
Published: 6/25/2024Updated: 11/21/2024
Description
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs
AI AnalysisPowered by AI
Affected Products
conduitconduit
References
- https://conduit.rs/changelog/#v0-8-0-2024-06-12Release Notes
- https://gitlab.com/famedly/conduit/-/releases/v0.8.0Release Notes
- https://conduit.rs/changelog/#v0-8-0-2024-06-12Release Notes
- https://gitlab.com/famedly/conduit/-/releases/v0.8.0Release Notes