Search criteria
6 vulnerabilities found for vantage6-ui by vantage6
FKIE_CVE-2024-24562
Vulnerability from fkie_nvd - Published: 2024-03-14 19:15 - Updated: 2025-08-06 14:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vantage6 | vantage6-ui | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vantage6:vantage6-ui:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62FA4E82-9057-4343-8993-98A899B02820",
"versionEndIncluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.\n"
},
{
"lang": "es",
"value": "vantage6-UI es la interfaz de usuario oficial para el servidor vantage6. En las versiones afectadas, no se establecen varios encabezados de seguridad. Este problema se solucion\u00f3 en el commit `68dfa6614`, que se espera que se incluya en futuras versiones. Se recomienda a los usuarios que actualicen cuando se realice una nueva versi\u00f3n. Si bien no hay una ruta de actualizaci\u00f3n disponible, los usuarios pueden modificar la compilaci\u00f3n de la imagen de la ventana acoplable para insertar los encabezados en nginx."
}
],
"id": "CVE-2024-24562",
"lastModified": "2025-08-06T14:46:05.443",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-14T19:15:49.767",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
},
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-22200
Vulnerability from fkie_nvd - Published: 2024-01-30 16:15 - Updated: 2024-11-21 08:55
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vantage6 | vantage6-ui | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vantage6:vantage6-ui:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDABDC62-80CD-4CBD-A86D-7C8A5F054290",
"versionEndExcluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.\n"
},
{
"lang": "es",
"value": "vantage6-UI es la interfaz de usuario de vantage6. La imagen de la ventana acoplable utilizada para ejecutar la interfaz de usuario filtra la versi\u00f3n de nginx. Para mitigar la vulnerabilidad, los usuarios pueden ejecutar la interfaz de usuario como una aplicaci\u00f3n de angular. Esta vulnerabilidad fue parcheada en 4.2.0."
}
],
"id": "CVE-2024-22200",
"lastModified": "2024-11-21T08:55:47.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-30T16:15:48.553",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-24562 (GCVE-0-2024-24562)
Vulnerability from cvelistv5 – Published: 2024-03-14 18:52 – Updated: 2024-08-01 23:19
VLAI?
Title
Security headers not set in vantage6-UI
Summary
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vantage6 | vantage6-UI |
Affected:
<= 4.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T16:33:41.331567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:20.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:19:52.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w"
},
{
"name": "https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vantage6-UI",
"vendor": "vantage6",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T18:52:31.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w"
},
{
"name": "https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e"
}
],
"source": {
"advisory": "GHSA-gwq3-pvwq-4c9w",
"discovery": "UNKNOWN"
},
"title": "Security headers not set in vantage6-UI"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24562",
"datePublished": "2024-03-14T18:52:31.109Z",
"dateReserved": "2024-01-25T15:09:40.209Z",
"dateUpdated": "2024-08-01T23:19:52.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22200 (GCVE-0-2024-22200)
Vulnerability from cvelistv5 – Published: 2024-01-30 15:56 – Updated: 2025-05-29 15:05
VLAI?
Title
vantage6-UI docker image leaks software version information
Summary
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vantage6 | vantage6-UI |
Affected:
< 4.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8"
},
{
"name": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:33.286423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:05:01.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vantage6-UI",
"vendor": "vantage6",
"versions": [
{
"status": "affected",
"version": "\u003c 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-30T15:56:43.527Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8"
},
{
"name": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020"
}
],
"source": {
"advisory": "GHSA-8wxq-346h-xmr8",
"discovery": "UNKNOWN"
},
"title": "vantage6-UI docker image leaks software version information"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22200",
"datePublished": "2024-01-30T15:56:43.527Z",
"dateReserved": "2024-01-08T04:59:27.371Z",
"dateUpdated": "2025-05-29T15:05:01.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24562 (GCVE-0-2024-24562)
Vulnerability from nvd – Published: 2024-03-14 18:52 – Updated: 2024-08-01 23:19
VLAI?
Title
Security headers not set in vantage6-UI
Summary
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vantage6 | vantage6-UI |
Affected:
<= 4.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T16:33:41.331567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:20.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:19:52.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w"
},
{
"name": "https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vantage6-UI",
"vendor": "vantage6",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T18:52:31.109Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w"
},
{
"name": "https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e"
}
],
"source": {
"advisory": "GHSA-gwq3-pvwq-4c9w",
"discovery": "UNKNOWN"
},
"title": "Security headers not set in vantage6-UI"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24562",
"datePublished": "2024-03-14T18:52:31.109Z",
"dateReserved": "2024-01-25T15:09:40.209Z",
"dateUpdated": "2024-08-01T23:19:52.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22200 (GCVE-0-2024-22200)
Vulnerability from nvd – Published: 2024-01-30 15:56 – Updated: 2025-05-29 15:05
VLAI?
Title
vantage6-UI docker image leaks software version information
Summary
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vantage6 | vantage6-UI |
Affected:
< 4.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8"
},
{
"name": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:33.286423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:05:01.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vantage6-UI",
"vendor": "vantage6",
"versions": [
{
"status": "affected",
"version": "\u003c 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-30T15:56:43.527Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8"
},
{
"name": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020"
}
],
"source": {
"advisory": "GHSA-8wxq-346h-xmr8",
"discovery": "UNKNOWN"
},
"title": "vantage6-UI docker image leaks software version information"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22200",
"datePublished": "2024-01-30T15:56:43.527Z",
"dateReserved": "2024-01-08T04:59:27.371Z",
"dateUpdated": "2025-05-29T15:05:01.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}