Описание
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.0 (исключая)
cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00197
Низкий
3.5 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-922
Связанные уязвимости
CVSS3: 3.5
github
около 2 лет назад
vantage6 may create unencrypted tasks in encrypted collaboration
EPSS
Процентиль: 42%
0.00197
Низкий
3.5 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-922