Lucene search

[email protected]NVD:CVE-2023-23929

HistoryMar 04, 2023 - 12:15 a.m.

CVE-2023-23929

2023-03-0400:15:15

CWE-613

[email protected]

web.nvd.nist.gov

vantage6

privacy preserving

federated learning

refresh token

vulnerability

fix

version 3.8.0

validity

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

43.3%

JSON

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0.

Affected configurations

Nvd

Node

vantage6vantage6Range<3.8.0

VendorProductVersionCPE
vantage6vantage6*cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vantage6	vantage6	*	cpe:2.3:a:vantage6:vantage6::::::::

References

github.com/vantage6/vantage6/commit/48ebfca42359e9a6743e9598684585e2522cdce8

github.com/vantage6/vantage6/security/advisories/GHSA-4w59-c3gc-rrhp

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

43.3%

JSON

Related for NVD:CVE-2023-23929

osv3 cvelist1 cve1 github1 prion1 veracode1