CVE-2024-6299

low

Description

Conduit does not take key expiry into account when validating signatures. An attacker who has compromised an expired key can forge requests as the remote server, as well as PDUs with timestamps past the expiry date.

References

https://gitlab.com/famedly/conduit/-/releases/v0.8.0

https://conduit.rs/changelog/#v0-8-0-2024-06-12

Details

Source: Mitre, NVD

Published: 2024-06-25

Updated: 2024-09-20

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Low