GitHub Advisory Database: GHSA-99R4-CJP4-3HMX
May 22, 2024 - 3:49 p.m.

vantage6 collaboration admins can extend their influence by expanding the collaboration

2024-05-22 15:49:14
CWE-284

CVSS3: 2.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score: 7
Confidence: Low

EPSS: 0
Percentile: 9.0%

Impact

Collaboration administrators can add extra organizations to their collaboration. In doing so, they extend their influence: for instance, for each organization they include, they can then create new users whose passwords they know, and use those accounts to read task results of other collaborations in which that organization is involved.

Only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact.
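
An added example, not part of the advisory and not vantage6 code: a defender-side audit that replays "organization added to collaboration" events and reports which other collaborations become reachable through the newly included organization, the path the Impact section describes. The data model, identifiers and event tuples are constructed assumptions.

```python
# Constructed sample data (assumption, not a vantage6 schema):
# collaboration -> set of member organizations before the events below.
MEMBERSHIP = {
    "collab-A": {"org-1", "org-2"},
    "collab-B": {"org-3", "org-4"},
    "collab-C": {"org-4", "org-5"},
}

# Constructed audit events: (actor, collaboration, organization added).
EVENTS = [
    ("admin-A", "collab-A", "org-3"),
    ("admin-A", "collab-A", "org-2"),  # already a member, changes nothing
    ("admin-A", "collab-A", "org-4"),
]


def reachable(membership, collab):
    """Other collaborations sharing at least one organization with `collab`."""
    orgs = membership.get(collab, set())
    return {c for c, members in membership.items()
            if c != collab and members & orgs}


def review_expansions(membership, events):
    """Replay events in order; return those that widen a collaboration's reach."""
    state = {c: set(m) for c, m in membership.items()}  # do not mutate input
    findings = []
    for actor, collab, org in events:
        before = reachable(state, collab)
        state.setdefault(collab, set()).add(org)
        newly = reachable(state, collab) - before
        if newly:
            findings.append({
                "actor": actor,
                "collaboration": collab,
                "organization": org,
                "newly_reachable": sorted(newly),
            })
    return findings


if __name__ == "__main__":
    for finding in review_expansions(MEMBERSHIP, EVENTS):
        print(finding)
```

Each finding marks a membership change worth reviewing with the owners of the newly reachable collaborations.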

Patches

No

Workarounds

No

Affected configurations

Node: vantage6 vantage6, range <4.5.0rc3
