Vulnerabilities > CVE-2023-41882 - Incorrect Authorization vulnerability in Vantage6

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vantage6

CWE-863

NVD

Published: 2023-10-11

Updated: 2023-10-18

Summary

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.

Vulnerable Configurations

Part	Description	Count
Application	Vantage6 Vantage6 Vantage6 - Vantage6 Vantage6 0.0.0 Vantage6 Vantage6 2.3.5 Vantage6 Vantage6 3.3.0 Vantage6 Vantage6 3.3.3 Vantage6 Vantage6 3.3.8 Vantage6 Vantage6 3.4.0 Vantage6 Vantage6 3.4.1 Vantage6 Vantage6 3.4.2 Vantage6 Vantage6 3.5.0 Vantage6 Vantage6 3.6.1 Vantage6 Vantage6 3.7.0 Vantage6 Vantage6 3.8.0 Vantage6 Vantage6 3.8.1 Vantage6 Vantage6 3.8.2 Vantage6 Vantage6 3.8.3 Vantage6 Vantage6 3.8.4 Vantage6 Vantage6 3.8.5 Vantage6 Vantage6 3.8.6 Vantage6 Vantage6 3.8.7 Vantage6 Vantage6 3.8.8 Vantage6 Vantage6 3.9.0 Vantage6 Vantage6 3.10.0 Vantage6 Vantage6 3.10.1 Vantage6 Vantage6 3.10.2 Vantage6 Vantage6 3.10.3 Vantage6 Vantage6 3.10.4 Vantage6 Vantage6 3.11.0 Vantage6 Vantage6 3.11.1	77

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References