Vantage6 Security Vulnerabilities

CVE-2024-32969

vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and.....

CVSS: 2.7 | AI Score: 6.5 | EPSS: 0.0004

2024-05-23 09:15 AM

CVE-2024-23823

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The...

CVSS: 4.2 | AI Score: 4.3 | EPSS: 0.0004

2024-03-14 07:15 PM

CVE-2024-24562

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While...

CVSS: 5.4 | AI Score: 6.7 | EPSS: 0.0004

2024-03-14 07:15 PM

CVE-2024-24770

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost.....

CVSS: 5.3 | AI Score: 6.5 | EPSS: 0.0004

2024-03-14 07:15 PM

CVE-2024-22200

vantage6-UI is the user interface for vantage6. The Docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an Angular application. This vulnerability was patched in...

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.0005

2024-01-30 04:15 PM

CVE-2024-21671

The vantage6 technology enables users to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches...

CVSS: 3.7 | AI Score: 4.6 | EPSS: 0.0005

2024-01-30 04:15 PM

CVE-2024-22193

The vantage6 technology enables users to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a.....

CVSS: 4.3 | AI Score: 4 | EPSS: 0.0004

2024-01-30 04:15 PM

CVE-2024-21649

The vantage6 technology enables users to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is.....

CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001

2024-01-30 04:15 PM

CVE-2024-21653

The vantage6 technology enables users to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not...

CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001

2024-01-30 04:15 PM

CVE-2023-47631

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to...

CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001

2023-11-14 09:15 PM

CVE-2023-41882

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...

CVSS: 5.4 | AI Score: 4.4 | EPSS: 0.001

2023-10-11 08:15 PM

CVE-2023-41881

vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects...

CVSS: 4.3 | AI Score: 4.2 | EPSS: 0.001

2023-10-11 08:15 PM

CVE-2023-28635

vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see by creating resources with integers as names. One example where this is a risk is when users define which users are allowed to.....

CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001

2023-10-11 08:15 PM

CVE-2023-23930

vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as a default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...

CVSS: 7.2 | AI Score: 6.8 | EPSS: 0.001

2023-10-11 06:15 PM

CVE-2023-23929

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version...

CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001

2023-03-04 12:15 AM

CVE-2023-22738

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain.....

CVSS: 6.5 | AI Score: 6.1 | EPSS: 0.001

2023-03-01 09:15 PM

CVE-2022-39228

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...

CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.001

2023-03-01 05:15 PM