Home > Vulnerability Database > CVE-2024-32969

Mend.io Vulnerability Database

CVE-2024-32969

Good to know:

Date: May 23, 2024

vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. This is only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3.

Language: Python

Severity Score

2.7

Related Resources (5)

Url: https://github.com/vantage6/vantage6/security/advisories/GHSA-99r4-cjp4-3hmx

Url: https://github.com/vantage6/vantage6

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-32969

Url: https://github.com/vantage6/vantage6/commit/27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56

Url: https://www.mend.io/vulnerability-database/CVE-2024-32969

Severity Score

2.7

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version vantage6 - 4.5.0, vantage6-server - 4.5.0

Learn More

CVSS v3.1

Base Score:	2.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-32969

Good to know:

Date: May 23, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?