Filtered by vendor Vantage6
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22738 | 1 Vantage6 | 1 Vantage6 | 2023-03-10 | N/A | 6.5 MEDIUM |
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0. | |||||
CVE-2023-23929 | 1 Vantage6 | 1 Vantage6 | 2023-03-10 | N/A | 8.8 HIGH |
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0. | |||||
CVE-2022-39228 | 1 Vantage6 | 1 Vantage6 | 2023-03-08 | N/A | 6.5 MEDIUM |
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0. |