An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling.
References
Link | Resource |
---|---|
https://github.com/FederatedAI/FATE/commit/6feccf6d752184a6f9365d56a76fe627983e7139 | Patch Third Party Advisory |
Configurations
Information
Published : 2022-06-16 14:15
Updated : 2022-06-28 10:06
NVD link : CVE-2020-25459
Mitre link : CVE-2020-25459
JSON object : View
CWE
CWE-668
Exposure of Resource to Wrong Sphere
Products Affected
webank
- federated_ai_technology_enabler