Vulnerabilities > CVE-2023-41881 - Unspecified vulnerability in Vantage6

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vantage6

NVD

Published: 2023-10-11

Updated: 2023-10-18

Summary

vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.

Vulnerable Configurations

Part	Description	Count
Application	Vantage6 Vantage6 Vantage6 - Vantage6 Vantage6 0.0.0 Vantage6 Vantage6 2.3.5 Vantage6 Vantage6 3.3.0 Vantage6 Vantage6 3.3.3 Vantage6 Vantage6 3.3.8 Vantage6 Vantage6 3.4.0 Vantage6 Vantage6 3.4.1 Vantage6 Vantage6 3.4.2 Vantage6 Vantage6 3.5.0 Vantage6 Vantage6 3.6.1 Vantage6 Vantage6 3.7.0 Vantage6 Vantage6 3.8.0 Vantage6 Vantage6 3.8.1 Vantage6 Vantage6 3.8.2 Vantage6 Vantage6 3.8.3 Vantage6 Vantage6 3.8.4 Vantage6 Vantage6 3.8.5 Vantage6 Vantage6 3.8.6 Vantage6 Vantage6 3.8.7 Vantage6 Vantage6 3.8.8 Vantage6 Vantage6 3.9.0 Vantage6 Vantage6 3.10.0 Vantage6 Vantage6 3.10.1 Vantage6 Vantage6 3.10.2 Vantage6 Vantage6 3.10.3 Vantage6 Vantage6 3.10.4 Vantage6 Vantage6 3.11.0 Vantage6 Vantage6 3.11.1	77

Summary

Vulnerable Configurations

References