CVE-2024-6299

Low

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to…

GitLab·CWE-324·Published 2024-06-25

CVSS

3.7

EPSS

0.00

KEV

Exploits

cve.orgen

225 chars

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date

NVDen

225 chars

NVDes

264 chars

Falta de consideración de la caducidad de la clave al validar firmas en Conduit, lo que permite a un atacante que ha comprometido una clave caducada falsificar solicitudes como servidor remoto, así como PDU con marcas de tiempo posteriores a la fecha de caducidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	4.8	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Primary	NVD	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N