We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | GitLab |
Reserved | 2024-06-25 |
Published | 2024-06-25 |
Updated | 2024-08-29 |
Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
CWE-324: Use of a Key Past its Expiration Date
Michael Maltsev for finding vulnerability, Matthias Ahouansou for fixing it
https://gitlab.com/famedly/conduit/-/releases/v0.8.0
https://conduit.rs/changelog/#v0-8-0-2024-06-12