{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T03:21:19.754","vulnerabilities":[{"cve":{"id":"CVE-2024-6301","sourceIdentifier":"cve@gitlab.com","published":"2024-06-25T13:15:51.077","lastModified":"2024-11-21T09:49:23.573","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs"},{"lang":"es","value":"Falta de validación de origen en la API de federación en Conduit, lo que permite que cualquier servidor remoto se haga pasar por cualquier usuario de cualquier servidor en la mayoría de las EDU."}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.0","matchCriteriaId":"0A42037C-F568-4862-BEE1-FCE796E55CD1"}]}]}],"references":[{"url":"https://conduit.rs/changelog/#v0-8-0-2024-06-12","source":"cve@gitlab.com","tags":["Release Notes"]},{"url":"https://gitlab.com/famedly/conduit/-/releases/v0.8.0","source":"cve@gitlab.com","tags":["Release Notes"]},{"url":"https://conduit.rs/changelog/#v0-8-0-2024-06-12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://gitlab.com/famedly/conduit/-/releases/v0.8.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}}]}