LOW🇵🇱 Wersja polska

CVE-2023-41881

CVSS 3.7v3.1pub. 2023-10-11upd. 2024-11-21

vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
  • Vantage6

    APP
    Vantage6
    < 4.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-21649HIGH8.8ten sam produkt

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (F...

CVE-2023-47631HIGH7.2ten sam produkt

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and M...

CVE-2023-23929HIGH8.8ten sam produkt

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the...

CVE-2024-23823MEDIUM4.2ten sam produkt

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Fe...

CVE-2024-24770MEDIUM5.3ten sam produkt

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Fe...