Lucene search

[email protected]CVE-2024-24562

HistoryMar 14, 2024 - 7:15 p.m.

CVE-2024-24562

2024-03-1419:15:49

CWE-693

CWE-668

[email protected]

web.nvd.nist.gov

cve-2024-24562

vantage6-ui

security headers

upgrade

docker image

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.

Affected configurations

Vulners

Node

vantage6vantage6-uiRange≤4.2.0

VendorProductVersionCPE
vantage6vantage6\-ui*cpe:2.3:a:vantage6:vantage6\-ui:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vantage6	vantage6\-ui	*	cpe:2.3:a:vantage6:vantage6\-ui::::::::

CNA Affected

[
  {
    "vendor": "vantage6",
    "product": "vantage6-UI",
    "versions": [
      {
        "version": "<= 4.2.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e

github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-24562

nvd1 cvelist1 osv1