GHSA-7X94-6G2M-3HP2 Defining resource name as integer may give unintended access in vantage6

Impact Malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for...

Improper Authorization

vantage6server is vulnerable to Improper Authorization. The vulnerability exists due to improper validations which allows an attacker to perform unauthorized actions by creating resources with integers as names...

CVE-2023-28635 Defining resource name as integer in vantage6 may give unintended access

vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to...

vantage6 Code Issue Vulnerability

vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A code issue vulnerability exists in versions of vantage6 prior to 3.9 that stems from the fact that a malicious user may attempt to access resources they are not...