CVE-2024-6302— Improper Handling of Insufficient Permissions or Privileges in Conduit
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-6302
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Handling of Insufficient Permissions or Privileges in Conduit
Source: NVD (National Vulnerability Database)
Vulnerability Description
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分权限或特权的处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Conduit 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Conduit是Famedly开源的一款简单、快速、可靠的聊天服务器。 Conduit v0.6.0及之前版本存在安全漏洞,该漏洞源于处理编辑时未检查权限,导致本地用户可以编辑同一服务器上用户的任何消息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| The Conduit Contributors | Conduit | 0 ~ 0.7.0 | - |
II. Public POCs for CVE-2024-6302
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-6302
请登录查看更多情报信息。
Same Patch Batch · The Conduit Contributors · 2024-06-25 · 5 CVEs total
| CVE-2024-6303 | 9.9 CRITICAL | Missing Authorization in Conduit |
| CVE-2024-6301 | 5.3 MEDIUM | Origin Validation Error in Conduit |
| CVE-2024-6299 | 4.8 MEDIUM | Use of a Key Past its Expiration Date in Conduit |
| CVE-2024-6300 | 3.7 LOW | Incomplete Cleanup in Conduit |
IV. Related Vulnerabilities
Same weakness: CWE-280
- CVE-2026-6805
Vulnerability on Cryptobox external sharing feature - CVE-2026-20448
MediaTek Chipsets 安全漏洞 - CVE-2026-27910
Windows Installer Elevation of Privilege Vulnerability - CVE-2026-24096
Insufficient permission validation on multiple REST API Quic - CVE-2026-2123
Privilege escalation vulnerability in Operations Agent
V. Comments for CVE-2024-6302
No comments yet