CVE-2022-39228

Опубликовано: 01 мар. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 6.5

EPSS Низкий

Описание

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.

Ссылки

https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2
Patch
https://github.com/vantage6/vantage6/issues/59
Issue Tracking
Vendor Advisory
https://github.com/vantage6/vantage6/pull/281
Patch
Vendor Advisory
https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429
Vendor Advisory
https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2
Patch
https://github.com/vantage6/vantage6/issues/59
Issue Tracking
Vendor Advisory
https://github.com/vantage6/vantage6/pull/281
Patch
Vendor Advisory
https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*

Версия от 3.3.3 (включая) до 3.8.0 (исключая)

EPSS

Процентиль: 34%

0.00138

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-203

Связанные уязвимости

GHSA-36gx-9q6h-g429

CVSS3: 6.5

github

почти 3 года назад

vantage6 vulnerable to Observable Response Discrepancy

EPSS

Процентиль: 34%

0.00138

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-203