CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-6299

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.8%

CVSS Severity

CVSS v3 Score 4.8

References

https://conduit.rs/changelog/#v0-8-0-2024-06-12
https://gitlab.com/famedly/conduit/-/releases/v0.8.0
https://conduit.rs/changelog/#v0-8-0-2024-06-12
https://gitlab.com/famedly/conduit/-/releases/v0.8.0

Products affected by CVE-2024-6299

Conduit » Conduit » Version: N/A

cpe:2.3:a:conduit:conduit:-
Conduit » Conduit » Version: 0.0.0

cpe:2.3:a:conduit:conduit:0.0.0
Conduit » Conduit » Version: 0.2.0

cpe:2.3:a:conduit:conduit:0.2.0
Conduit » Conduit » Version: 0.3.0

cpe:2.3:a:conduit:conduit:0.3.0
Conduit » Conduit » Version: 0.4.0

cpe:2.3:a:conduit:conduit:0.4.0
Conduit » Conduit » Version: 0.5.0

cpe:2.3:a:conduit:conduit:0.5.0
Conduit » Conduit » Version: 0.6.0

cpe:2.3:a:conduit:conduit:0.6.0
Conduit » Conduit » Version: 0.7.0

cpe:2.3:a:conduit:conduit:0.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-6299

Products

Pricing

Contact Us