CVE-2024-22193
Vulnerability from cvelistv5
Published
2024-01-30 15:50
Modified
2024-08-01 22:35
Severity
3.5 (Low) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
vantage6 unencrypted task can be created in encrypted collaboration
References
SourceURLTags
security-advisories@github.comhttps://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074Patch
security-advisories@github.comhttps://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrrVendor Advisory
Impacted products
VendorProduct
vantage6vantage6
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr"
          },
          {
            "name": "https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vantage6",
          "vendor": "vantage6",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database.  Users should ensure they set the encryption setting correctly.  This vulnerability is patched in 4.2.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-922",
              "description": "CWE-922: Insecure Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-30T15:50:09.928Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr"
        },
        {
          "name": "https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074"
        }
      ],
      "source": {
        "advisory": "GHSA-rjmv-52mp-gjrr",
        "discovery": "UNKNOWN"
      },
      "title": "vantage6 unencrypted task can be created in encrypted collaboration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-22193",
    "datePublished": "2024-01-30T15:50:09.928Z",
    "dateReserved": "2024-01-08T04:59:27.370Z",
    "dateUpdated": "2024-08-01T22:35:34.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-22193\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-01-30T16:15:48.310\",\"lastModified\":\"2024-02-08T16:41:38.277\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database.  Users should ensure they set the encryption setting correctly.  This vulnerability is patched in 4.2.0.\"},{\"lang\":\"es\",\"value\":\"La tecnolog\u00eda vantage6 permite gestionar e implementar tecnolog\u00edas que mejoran la privacidad, como el Federated Learning (FL) y la Multi-Party Computation (MPC). No se comprueba si la entrada est\u00e1 cifrada si se crea una tarea en una colaboraci\u00f3n cifrada. Por lo tanto, un usuario puede crear accidentalmente una tarea con datos de entrada confidenciales que luego se almacenar\u00e1n sin cifrar en una base de datos. Los usuarios deben asegurarse de configurar correctamente la configuraci\u00f3n de cifrado. Esta vulnerabilidad est\u00e1 parcheada en 4.2.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":2.1,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-922\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2.0\",\"matchCriteriaId\":\"A9E3A3A7-C004-4E76-B2A3-46F0F1C68AD4\"}]}]}],\"references\":[{\"url\":\"https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.