Lucene search
+L

5 matches found

vulnersOsv
vulnersOsv
added 2024/03/15 4:44 p.m.15 views

vantage6-algorithm-store (>=4.10.0 <=4.15.1rc1), vantage6-node (>=0.0.0 <=4.15.1rc1) +1 more potentially affected by CVE-2024-24770 via vantage6 (>=0.0.0 <=4.2.3)

vantage6 PYPI version =0.0.0, =4.10.0, =0.0.0, =0.0.0, =4.15.1rc1 Source cves: CVE-2024-24770 Source advisory: OSV:GHSA-5H3X-6GWF-73JM...

5.3CVSS5.9AI score0.00394EPSS
Exploits0
NVD
NVD
added 2024/03/14 7:15 p.m.29 views

CVE-2024-24770

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost...

5.3CVSS5.2AI score0.00394EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/14 6:47 p.m.16 views

CVE-2024-24770 Username timing attack on recover password/MFA token in vantage6

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost...

5.3CVSS5.6AI score0.00394EPSS
Exploits0References3
CVE
CVE
added 2024/03/14 6:47 p.m.96 views

CVE-2024-24770

Vantage6 exposes two API endpoints, /recover/lost and /2fa/lost, which allow an attacker to enumerate existing usernames via recovery-email behavior or timing differences. Root cause: inadequate access controls on recovery utilities leading to user enumeration. Impact: potential targeted credenti...

5.3CVSS5.2AI score0.00394EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/03/14 6:47 p.m.36 views

CVE-2024-24770 Username timing attack on recover password/MFA token in vantage6

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes /recover/lost and /2fa/lost...

5.3CVSS5.5AI score0.00394EPSS
Exploits0References3
Rows per page
Query Builder