CVE-2023-41881

Опубликовано: 11 окт. 2023

Источник: nvd

CVSS3: 3.7

CVSS3: 4.3

EPSS Низкий

Описание

vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.

Ссылки

https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400
Release Notes
https://github.com/vantage6/vantage6/pull/748
Patch
https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6
Third Party Advisory
https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400
Release Notes
https://github.com/vantage6/vantage6/pull/748
Patch
https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*

Версия до 4.0.0 (исключая)

EPSS

Процентиль: 23%

0.00078

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-rf54-7qrr-96j6

CVSS3: 3.7

github

больше 2 лет назад

vantage6 does not properly delete linked resources when deleting a collaboration

EPSS

Процентиль: 23%

0.00078

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo