9267 matches found

Github Security Blog
added 2024/01/31 6:4 p.m. · 28 views

@lobehub/chat vulnerable to unauthorized access to plugins

Description: When the application is deployed password-protected with the ACCESSCODE option, it is possible to access plugins without proper authorization or the password. Proof-of-Concept: Let’s suppose that the application has been deployed with the following command: sudo docker run -d -p 3210:3210 -...

CVSS 5.3 · AI score 6.8 · EPSS 0.00482
Exploits 1 · References 4 · Affected Software 1
OSV
added 2024/01/30 8:56 p.m. · 17 views

GHSA-2WGC-48G2-CJ5W vantage6 has insecure SSH configuration for node and server containers

Impact: Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...

CVSS 6.5 · AI score 7.9 · EPSS 0.00466
Exploits 0 · References 5
Github Security Blog
added 2024/01/30 8:56 p.m. · 34 views

vantage6 has insecure SSH configuration for node and server containers

Impact: Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...

CVSS 9.8 · AI score 7 · EPSS 0.00466
Exploits 0 · References 5 · Affected Software 1
NVD
added 2024/01/30 4:15 p.m. · 28 views

CVE-2024-22200

vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an Angular application. This vulnerability was patched in 4.2.0...

CVSS 5.3 · AI score 4.4 · EPSS 0.00335
Exploits 0 · References 2
NVD
added 2024/01/30 4:15 p.m. · 47 views

CVE-2024-21653

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVSS 9.8 · AI score 7.2 · EPSS 0.00466
Exploits 0 · References 2
Prion
added 2024/01/30 4:15 p.m. · 19 views

Authentication flaw

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVSS 7.5 · AI score 7.2 · EPSS 0.00466
Exploits 0 · References 2 · Affected Software 1
Prion
added 2024/01/30 4:15 p.m. · 17 views

Design/Logic Flaw

vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an Angular application. This vulnerability was patched in 4.2.0...

CVSS 5 · AI score 7 · EPSS 0.00335
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/01/30 4:15 p.m. · 32 views

PYSEC-2024-33

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVSS 9.8 · AI score 7.2 · EPSS 0.00466
Exploits 0 · References 2
OSV
added 2024/01/30 4:15 p.m. · 37 views

PYSEC-2024-34

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVSS 9.8 · AI score 7.2 · EPSS 0.00466
Exploits 0 · References 2
Vulnrichment
added 2024/01/30 3:56 p.m. · 6 views

CVE-2024-22200 vantage6-UI docker image leaks software version information

vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an Angular application. This vulnerability was patched in 4.2.0...

CVSS 3.3 · AI score 7 · EPSS 0.00335
Exploits 0 · References 2
CVE
added 2024/01/30 3:56 p.m. · 54 views

CVE-2024-22200

Summary: CVE-2024-22200 affects vantage6-UI where the docker image leaks the nginx version, potentially enabling information disclosure. The issue is described in a Red Hat/PT Security entry as a broader vulnerability in the vantage6-UI interface with insufficient protection of service data, allo...

CVSS 5.3 · AI score 5.2 · EPSS 0.00335
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/01/30 3:56 p.m. · 34 views

CVE-2024-22200 vantage6-UI docker image leaks software version information

vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an Angular application. This vulnerability was patched in 4.2.0...

CVSS 3.3 · AI score 5.5 · EPSS 0.00335
Exploits 0 · References 2
OSV
added 2024/01/30 3:56 p.m. · 183 views

CVE-2024-22200 vantage6-UI docker image leaks software version information

vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an Angular application. This vulnerability was patched in 4.2.0...

CVSS 3.3 · AI score 5.5 · EPSS 0.00335
Exploits 0 · References 4
Vulnrichment
added 2024/01/30 3:39 p.m. · 17 views

CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVSS 6.5 · AI score 6.9 · EPSS 0.00466
Exploits 0 · References 2
Cvelist
added 2024/01/30 3:39 p.m. · 46 views

CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVSS 6.5 · AI score 9.7 · EPSS 0.00466
Exploits 0 · References 2
CVE
added 2024/01/30 3:39 p.m. · 46 views

CVE-2024-21653

The CVE-2024-21653 entry concerns the vantage6 architecture where node/server containers expose SSH with root login and password authentication by default. The root cause is an insecure default SSH configuration rather than a flaw in core logic, and the described mitigation is to remove the SSH p...

CVSS 9.8 · AI score 9.3 · EPSS 0.00466
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/01/30 3:39 p.m. · 167 views

CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers

The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

CVSS 6.5 · AI score 9.2 · EPSS 0.00466
Exploits 0 · References 4
CNNVD
added 2024/01/30 12:0 a.m. · 3 views

vantage6 Information Disclosure Vulnerability

vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. An information disclosure vulnerability exists in vantage6-UI that stems from the docker image used to run the UI disclosing the nginx version...

CVSS 5.3 · AI score 6.2 · EPSS 0.00335
Exploits 0 · References 3
Positive Technologies
added 2024/01/30 12:0 a.m. · 3 views

PT-2024-19000 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.2.0. Description: The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). By default, nodes and servers receive an ssh config...

CVSS 9.8 · AI score 9.4 · EPSS 0.00466
Exploits 0 · References 12
BDU FSTEC
added 2024/01/30 12:0 a.m. · 5 views

The vulnerability of the official interface for developing container applications in Plone Docker exists due to the lack of measures to neutralize special elements. This allows a hacker to execute arbitrary code.

The vulnerability of the official Plone Docker image exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting code into the HOST header...

CVSS 10 · AI score 6.8 · EPSS 0.01246
Exploits 1 · References 3