Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2023/03/03 11:37 p.m.8 views

CVE-2023-23929 Refresh tokens do not expire in Vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0...

8.8CVSS8.7AI score0.00571EPSS
Exploits0References2
CVE
CVE
added 2023/03/03 11:37 p.m.93 views

CVE-2023-23929

Vantage6 CVE-2023-23929 describes a token‑refresh flaw: refresh tokens were allowed to remain valid indefinitely, enabling long‑term access. The issue is fixed in version 3.8.0. Documented CVSSv3.1 metrics indicate high impact (Confidentiality/Integrity/Availability: High) with network access, un...

8.8CVSS8.7AI score0.00571EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/03/03 11:37 p.m.34 views

CVE-2023-23929 Refresh tokens do not expire in Vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0...

8.8CVSS8.9AI score0.00571EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/02/28 11:20 p.m.3 views

vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-23929 via vantage6 (>=0.0.0 <=3.7.3)

vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-23929 Source advisory: OSV:GHSA-4W59-C3GC-RRHP...

8.8CVSS7.2AI score0.00571EPSS
Exploits0
Rows per page
Query Builder