CVE-2024-6299
CVSS V2 None
CVSS V3 None
Description
Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date
Overview
- CVE ID
- CVE-2024-6299
- Assigner
- GitLab
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-06-25T13:02:25.979Z
- Last Modified Date
- 2024-06-25T13:02:25.979Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://gitlab.com/famedly/conduit/-/releases/v0.8.0 | |
| https://conduit.rs/changelog/#v0-8-0-2024-06-12 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-6299 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6299 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 19:26:12 | Added to TrackCVE |