Lucene search

[email protected]NVD:CVE-2024-21671

HistoryJan 30, 2024 - 4:15 p.m.

CVE-2024-21671

2024-01-3016:15:48

CWE-208

CWE-203

[email protected]

web.nvd.nist.gov

vantage6

privacy enhancing technologies

federated learning

multi-party computation

username

response time

credential attacks

version 4.2.0

vulnerability

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.

Affected configurations

Nvd

Node

vantage6vantage6Range<4.2.0

VendorProductVersionCPE
vantage6vantage6*cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vantage6	vantage6	*	cpe:2.3:a:vantage6:vantage6::::::::

References

github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30

github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2024-21671

veracode1 cvelist1 cve1 cnvd1 prion1 github1 osv5