CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32969 – vantage6 collaboration admins can extend their influence by expanding the collaboration
https://notcve.org/view.php?id=CVE-2024-32969
23 May 2024 — vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. This is only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the im... • https://github.com/vantage6/vantage6/commit/27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24562 – Security headers not set in vantage6-UI
https://notcve.org/view.php?id=CVE-2024-24562
14 Mar 2024 — vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx. vantage6-UI es la interfaz de usuario oficial para el servidor vantage6. • https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e • CWE-668: Exposure of Resource to Wrong Sphere CWE-693: Protection Mechanism Failure •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23823 – CORS settings overly permissive in vantage6
https://notcve.org/view.php?id=CVE-2024-23823
14 Mar 2024 — vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. • https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41 • CWE-863: Incorrect Authorization CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24770 – Username timing attack on recover password/MFA token in vantage6
https://notcve.org/view.php?id=CVE-2024-24770
14 Mar 2024 — vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade... • https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b • CWE-208: Observable Timing Discrepancy CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22200 – vantage6-UI docker image leaks software version information
https://notcve.org/view.php?id=CVE-2024-22200
30 Jan 2024 — vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0. vantage6-UI es la interfaz de usuario de vantage6. La imagen de la ventana acoplable utilizada para ejecutar la interfaz de usuario filtra la versión de nginx. • https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22193 – vantage6 unencrypted task can be created in encrypted collaboration
https://notcve.org/view.php?id=CVE-2024-22193
30 Jan 2024 — The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0. • https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21671 – vantage6 username timing attack
https://notcve.org/view.php?id=CVE-2024-21671
30 Jan 2024 — The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability. La tecnología vantage6 permite gestionar e implementar tecnologías que mejoran la privacidad, como el Federated Learning (FL) y la Multi-Party Computation (MPC). • https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21653 – vantage6 insecure SSH configuration for node and server containers
https://notcve.org/view.php?id=CVE-2024-21653
30 Jan 2024 — The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the ssh part from the docker file and rebuilding the dock... • https://github.com/vantage6/vantage6/commit/3fcc6e6a8bd1142fd7a558d8fdd2b246e55c8841 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21649 – Remote code execution
https://notcve.org/view.php?id=CVE-2024-21649
30 Jan 2024 — The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0. La tecnología vantage6 permite gestionar e implementar tecnologías que mejoran la privacidad, como el Federated Learning (FL) y la Multi-Party Computation (MPC). Antes de 4.2.0, los usuarios auten... • https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47631 – vantage6 Node accepts non-whitelisted algorithms from malicious server
https://notcve.org/view.php?id=CVE-2023-47631
14 Nov 2023 — vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a `parent_id` is set. A malicious party that breaches the server may modify it to set a fake `parent_id` and send a task of a non-whitelisted algorithm. The node will then execute it because the `parent_id` that is set prevents checks from being run. This impacts all servers that are breached by... • https://github.com/vantage6/vantage6/blob/version/4.1.1/vantage6-node/vantage6/node/docker/docker_manager.py#L265-L268 • CWE-345: Insufficient Verification of Data Authenticity •