Home > Vulnerability Database > CVE-2023-41882

Mend.io Vulnerability Database

CVE-2023-41882

Good to know:

Date: October 11, 2023

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.

Language: Python

Severity Score

4.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41882

Url: https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400

Url: https://github.com/vantage6/vantage6/security/advisories/GHSA-gc57-xhh5-m94r

Url: https://github.com/vantage6/vantage6/pull/711

Url: https://www.mend.io/vulnerability-database/CVE-2023-41882

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version vantage6 - 4.0.0

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41882

Good to know:

Date: October 11, 2023

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?