Vulnerabilities > CVE-2024-22193 - Unspecified vulnerability in Vantage6
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0.
Vulnerable Configurations
References
- https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074
- https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074
- https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr
- https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr