Описание
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.
Ссылки
- Release Notes
- Release Notes
- Release Notes
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 0.7.0 (исключая)
cpe:2.3:a:conduit:conduit:*:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00167
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-280
NVD-CWE-Other
Связанные уязвимости
CVSS3: 8.1
github
больше 1 года назад
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.
EPSS
Процентиль: 38%
0.00167
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS3
Дефекты
CWE-280
NVD-CWE-Other