5 matches found
CVE-2023-41882
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...
vantage6-node (>=0.0.0 <=3.11.1), vantage6-server (>=0.0.0 <=3.11.1) potentially affected by CVE-2023-41882 via vantage6 (>=0.0.0 <=3.9.0rc4)
vantage6 PYPI version =0.0.0, =0.0.0, =0.0.0, =3.11.1 Source cves: CVE-2023-41882 Source advisory: OSV:PYSEC-2023-201...
CVE-2023-41882 vantage6 Improper Access Control vulnerability
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...
CVE-2023-41882 vantage6 Improper Access Control vulnerability
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...
CVE-2023-41882
Vantage6 vulnerability: The /api/collaboration/{id}/task endpoint incorrectly enforces access control prior to version 4.0.0 by only checking collaboration permission instead of task-permission. Affected product: vantage6 privacy-preserving federated learning infrastructure. Patch: version 4.0.0 ...