Back

CVE-2024-32969

May 23, 2024, 9:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

vantage6

  • 4.5.0rc3

Source

security-advisories@github.com

Tags

CWE-284
security-advisories@github.com
2024-05-23
CVE-2024-32969

CVE-2024-32969 details

Published : May 23, 2024, 9:15 a.m.
Last Modified : May 23, 2024, 9:15 a.m.

Description

vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. This is only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3.

CVSS Score

1 2.7 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

2.7

Exploitability Score

Impact Score

Base Severity

LOW

Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

References

URL Source
https://github.com/vantage6/vantage6/commit/27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56 security-advisories@github.com
https://github.com/vantage6/vantage6/security/advisories/GHSA-99r4-cjp4-3hmx security-advisories@github.com
This website uses the NVD API, but is not approved or certified by it.