4 matches found
CVE-2023-23929 Refresh tokens do not expire in Vantage6
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0...
CVE-2023-23929
Vantage6 CVE-2023-23929 describes a token‑refresh flaw: refresh tokens were allowed to remain valid indefinitely, enabling long‑term access. The issue is fixed in version 3.8.0. Documented CVSSv3.1 metrics indicate high impact (Confidentiality/Integrity/Availability: High) with network access, un...
CVE-2023-23929 Refresh tokens do not expire in Vantage6
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0...
vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-23929 via vantage6 (>=0.0.0 <=3.7.3)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-23929 Source advisory: OSV:GHSA-4W59-C3GC-RRHP...