Lucene search

Veracode Vulnerability DatabaseVERACODE:47185

HistoryMay 27, 2024 - 5:49 a.m.

Improper Access Control

2024-05-2705:49:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vantage6

improper access control

collaboration

unauthorized actions

software

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Vantage6 is vulnerable to Improper Access Control. The vulnerability is caused by a lack of proper permission checks for adding extra organizations to a collaboration, which could result in unauthorized actions for the newly added organizations.

CPENameOperatorVersion
vantage6le4.4.1
vantage6le4.4.1

CPE	Name	Operator	Version
	vantage6	le	4.4.1
	vantage6	le	4.4.1

References

github.com/advisories/GHSA-99r4-cjp4-3hmx

github.com/vantage6/vantage6/commit/27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56

github.com/vantage6/vantage6/security/advisories/GHSA-99r4-cjp4-3hmx

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:47185