Lucene search

[email protected]NVD:CVE-2022-39228

HistoryMar 01, 2023 - 5:15 p.m.

CVE-2022-39228

2023-03-0117:15:10

CWE-204

CWE-203

[email protected]

web.nvd.nist.gov

vantage6

privacy preserving

federated learning

account blocking

version 3.8.0

security issue fix

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

43.1%

JSON

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.

Affected configurations

Nvd

Node

vantage6vantage6Range3.3.3–3.8.0

VendorProductVersionCPE
vantage6vantage6*cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vantage6	vantage6	*	cpe:2.3:a:vantage6:vantage6::::::::

References

github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2

github.com/vantage6/vantage6/issues/59

github.com/vantage6/vantage6/pull/281

github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

43.1%

JSON

Related for NVD:CVE-2022-39228

osv3 cve1 veracode1 github1 prion1 cvelist1