CVE-2024-24562

Published: Mar 14, 2024

Modified: Aug 1, 2024

PUBLISHED

CVSS v3.1

5.4

MEDIUM

Description

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.

Vendor	Product	Versions
vantage6	vantage6-UI	affected `<= 4.2.0`

Weaknesses (CWE)

CWE-693

CWE-668

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w

x_refsource_CONFIRM

https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-24562

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References