CVE-2024-22193

Published: Jan 30, 2024

Modified: Jun 17, 2025

PUBLISHED

CVSS v3.1

3.5

LOW

Description

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0.

Vendor	Product	Versions
vantage6	vantage6	affected `< 4.2.0`

Weaknesses (CWE)

CWE-922

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr

x_refsource_CONFIRM

https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-22193

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References