Important: admins of Conduit-derived homeservers (Conduit, Continuwuity, Grapevine and Tuwunel) should update immediately to address a critical bug in the federation implementation that is being actively exploited: github.com/continuwuity/contin…
Unintended Proxy or Intermediary ('Confused Deputy') and Improper Input Validation in Conduit-derived homeservers
Impact: This vulnerability allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary membership events. The flaw exists because the server fails... (GitHub)