Lucene search

K
osvGoogleOSV:GHSA-99R4-CJP4-3HMX
HistoryMay 22, 2024 - 3:49 p.m.

vantage6 collaboration admins can extend their influence by expanding the collaboration

2024-05-2215:49:14
Google
osv.dev
5
collaboration
administrators
organizations
influence
users
passwords
task results

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0

Percentile

9.0%

Impact

Collaboration administrators can add extra organizations to their collaboration. When doing that, they extend their influence: for instance, for organizations that they include, they can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in.

Only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact.

Patches

No

Workarounds

No

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0

Percentile

9.0%

Related for OSV:GHSA-99R4-CJP4-3HMX