Home > Vulnerability Database > CVE-2024-23823

Mend.io Vulnerability Database

CVE-2024-23823

Good to know:

Date: March 14, 2024

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.

Language: Python

Severity Score

4.2

Related Resources (4)

Url: https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23823

Url: https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh

Url: https://www.mend.io/vulnerability-database/CVE-2024-23823

Severity Score

4.2

Weakness Type (CWE)

Permissive Cross-domain Policy with Untrusted Domains

CWE-942

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version vantage6-server - 4.3.0

Learn More

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23823

Good to know:

Date: March 14, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?