Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:18 a.m.8 views

CVE-2023-41882

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...

5.4CVSS6.6AI score0.004EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/10/11 8:15 p.m.6 views

vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-41882 via vantage6 (>=0.0.0 <=3.9.0rc4)

vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-41882 Source advisory: OSV:PYSEC-2023-201...

5.4CVSS5.8AI score0.004EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/10/11 7:48 p.m.13 views

CVE-2023-41882 vantage6 Improper Access Control vulnerability

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...

5.4CVSS6.6AI score0.004EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/11 7:48 p.m.32 views

CVE-2023-41882 vantage6 Improper Access Control vulnerability

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...

5.4CVSS5.6AI score0.004EPSS
Exploits0References3
CVE
CVE
added 2023/10/11 7:48 p.m.67 views

CVE-2023-41882

Vantage6 vulnerability: The /api/collaboration/{id}/task endpoint incorrectly enforces access control prior to version 4.0.0 by only checking collaboration permission instead of task-permission. Affected product: vantage6 privacy-preserving federated learning infrastructure. Patch: version 4.0.0 ...

5.4CVSS4.7AI score0.004EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder