Vulnerabilities > CVE-2023-22738 - Improper Preservation of Permissions vulnerability in Vantage6

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vantage6

CWE-281

NVD

Published: 2023-03-01

Updated: 2023-03-10

Summary

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0.

Vulnerable Configurations

Part	Description	Count
Application	Vantage6 Vantage6 Vantage6 - Vantage6 Vantage6 0.0.0 Vantage6 Vantage6 2.3.5 Vantage6 Vantage6 3.3.0 Vantage6 Vantage6 3.3.3 Vantage6 Vantage6 3.3.8 Vantage6 Vantage6 3.4.0 Vantage6 Vantage6 3.4.1 Vantage6 Vantage6 3.4.2 Vantage6 Vantage6 3.5.0 Vantage6 Vantage6 3.8.0 Vantage6 Vantage6 3.7.0	43

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References