Critical severity9.9NVD Advisory· Published Jun 25, 2024· Updated Jun 17, 2026
CVE-2024-6303
CVE-2024-6303
Description
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the server's key, deactivating users, and more
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: 0
Patches
Vulnerability mechanics
References
2- conduit.rs/changelog/nvdRelease Notes
- gitlab.com/famedly/conduit/-/releases/v0.8.0nvdRelease Notes
News mentions
0No linked articles in our index yet.