CVE-2024-6302

8.1 HIGH

📋 TL;DR

CVE-2024-6302 is a privilege escalation vulnerability in Conduit Matrix servers where local users can redact any message from users on the same server without proper authorization checks. This affects Conduit versions v0.6.0 and lower. The vulnerability allows unauthorized message deletion within the same server instance.

💻 Affected Systems

Products:
  • Conduit Matrix Server
Versions: v0.6.0 and all earlier versions
Operating Systems: All platforms running Conduit
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Conduit servers with local users who can send redaction events. Does not affect remote users or other Matrix server implementations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Malicious local users could systematically delete all messages on the server, causing complete data loss and disrupting communication.

🟠 Likely Case

Local users redact specific messages they shouldn't have access to, potentially hiding evidence or disrupting conversations.

🟢 If Mitigated

With proper network segmentation and limited local user access, impact is contained to isolated environments.

🌐 Internet-Facing: LOW - This requires local user access to the server, not remote exploitation.
🏢 Internal Only: HIGH - Any local user on the Conduit server can exploit this vulnerability to redact messages.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the server and ability to send redaction events, but the actual exploit is trivial once those conditions are met.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.7.0

Vendor Advisory: https://conduit.rs/changelog/#v0-7-0-2024-04-25

Restart Required: Yes

Instructions:

1. Back up your Conduit data and configuration.
2. Stop the Conduit service.
3. Update to v0.7.0 using your package manager or by downloading from https://gitlab.com/famedly/conduit/-/releases/v0.7.0.
4. Restart the Conduit service.
5. Verify the version is now v0.7.0.

🔧 Temporary Workarounds

Restrict Local User Access

Platforms: all

Limit which local users can access the Conduit server and send redaction events.

# Review and restrict user permissions in your OS
# Use sudoers or similar to limit access to Conduit processes

🧯 If You Can't Patch

  • Implement strict access controls to limit which local users can interact with the Conduit server
  • Monitor for unusual redaction activity and implement alerting for mass redaction events

🔍 How to Verify

Check if Vulnerable:

Conduit is vulnerable if its version is v0.6.0 or earlier (version <= 0.6.0).

Check Version:

conduit --version

Verify Fix Applied:

Confirm Conduit version is v0.7.0 or later after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unusual redaction events from local users
  • Redactions from users who shouldn't have permission
  • Multiple redactions in short timeframes

Network Indicators:

  • Not applicable - this is a local privilege issue

SIEM Query:

source="conduit.log" AND "redaction" AND user="local_user" | stats count by user
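The log indicators above (redactions from users who should not have permission, and many redactions in a short timeframe) can be checked directly against Matrix redaction events. The following is an added example, not Conduit's code and not part of this advisory: it applies the Matrix authorization rule for m.room.redaction (the redacting user must be the sender of the target event, or hold at least the room's "redact" power level; this rule and the default levels are assumed from the Matrix specification) to a constructed room timeline, and separately flags senders who issue a burst of redactions. The event stream and power-level table are constructed sample data; a real deployment would feed it events exported from the server rather than Conduit's log lines, whose format this example does not assume.

```python
"""Flag suspicious m.room.redaction events in a constructed Matrix timeline.

Illustrative detection logic, not Conduit's own code. Assumed rule: a redaction
is authorized when the redacting user sent the target event, or when their power
level is at least the room's 'redact' level (Matrix default 50, users default 0).
"""
from collections import defaultdict

# Constructed room state, shaped like m.room.power_levels content
ROOM_POWER_LEVELS = {
    "users": {"@admin:example.org": 100},
    "users_default": 0,
    "redact": 50,
}

# Constructed timeline: messages, then redactions (origin_server_ts in ms)
EVENTS = [
    {"event_id": "$m1", "type": "m.room.message", "sender": "@alice:example.org", "origin_server_ts": 1_000},
    {"event_id": "$m2", "type": "m.room.message", "sender": "@bob:example.org", "origin_server_ts": 2_000},
    {"event_id": "$m3", "type": "m.room.message", "sender": "@bob:example.org", "origin_server_ts": 3_000},
    {"event_id": "$m4", "type": "m.room.message", "sender": "@alice:example.org", "origin_server_ts": 4_000},
    {"event_id": "$m5", "type": "m.room.message", "sender": "@bob:example.org", "origin_server_ts": 5_000},
    # alice redacts her own message: authorized
    {"event_id": "$r1", "type": "m.room.redaction", "sender": "@alice:example.org", "redacts": "$m1", "origin_server_ts": 10_000},
    # mallory (power 0) redacts other users' messages: what a missing check lets through
    {"event_id": "$r2", "type": "m.room.redaction", "sender": "@mallory:example.org", "redacts": "$m2", "origin_server_ts": 11_000},
    {"event_id": "$r3", "type": "m.room.redaction", "sender": "@mallory:example.org", "redacts": "$m3", "origin_server_ts": 11_500},
    {"event_id": "$r4", "type": "m.room.redaction", "sender": "@mallory:example.org", "redacts": "$m4", "origin_server_ts": 12_000},
    # admin (power 100) redacts bob's message: authorized by power level
    {"event_id": "$r5", "type": "m.room.redaction", "sender": "@admin:example.org", "redacts": "$m5", "origin_server_ts": 20_000},
]


def power_level(user, levels):
    """Effective power level of a user under the given power-level content."""
    return levels.get("users", {}).get(user, levels.get("users_default", 0))


def redaction_authorized(redaction, original_sender, levels):
    """Assumed Matrix rule: own message, or power level >= the room's 'redact' level."""
    if redaction["sender"] == original_sender:
        return True
    return power_level(redaction["sender"], levels) >= levels.get("redact", 50)


def find_unauthorized_redactions(events, levels):
    """Return event_ids of redactions that fail the authorization rule.

    A server applying the rule rejects these; the advisory describes Conduit
    <= v0.6.0 as applying them without the check, so seeing them in a room
    timeline is the 'redactions from users who shouldn't have permission' indicator.
    """
    senders = {e["event_id"]: e["sender"] for e in events if e["type"] != "m.room.redaction"}
    flagged = []
    for e in events:
        if e["type"] != "m.room.redaction":
            continue
        target_sender = senders.get(e["redacts"])
        if target_sender is None:
            continue  # target outside our view of the room: do not guess
        if not redaction_authorized(e, target_sender, levels):
            flagged.append(e["event_id"])
    return flagged


def find_redaction_bursts(events, window_ms=60_000, threshold=3):
    """Senders issuing at least `threshold` redactions within any `window_ms` span."""
    by_sender = defaultdict(list)
    for e in events:
        if e["type"] == "m.room.redaction":
            by_sender[e["sender"]].append(e["origin_server_ts"])
    flagged = []
    for sender, stamps in by_sender.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # shrink the window from the left until it spans at most window_ms
            while stamps[end] - stamps[start] > window_ms:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(sender)
                break
    return sorted(flagged)


if __name__ == "__main__":
    print("unauthorized:", find_unauthorized_redactions(EVENTS, ROOM_POWER_LEVELS))
    print("bursts:", find_redaction_bursts(EVENTS, window_ms=5_000, threshold=3))
```

Both checks are independent on purpose: the authorization check catches a single out-of-policy redaction, while the burst check catches the "many redactions in a short timeframe" pattern even from a user who would pass the power-level test, which is the mass-deletion scenario the worst case above describes.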
