cvelistv5 - cve-2023-41881

CVE-2023-41881 (GCVE-0-2023-41881)

Vulnerability from cvelistv5 – Published: 2023-10-11 19:30 – Updated: 2024-09-17 14:02

Summary

vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.

Severity ?

3.7 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
CWE-708 - Incorrect Ownership Assignment

Assigner

GitHub_M

References

URL

Tags

	https://github.com/vantage6/vantage6/security/adv…	x_refsource_CONFIRM
	https://github.com/vantage6/vantage6/pull/748	x_refsource_MISC
	https://github.com/vantage6/vantage6/blob/0682c42…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vantage6	vantage6	Affected: < 4.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:09:49.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6"
          },
          {
            "name": "https://github.com/vantage6/vantage6/pull/748",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vantage6/vantage6/pull/748"
          },
          {
            "name": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41881",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T13:49:13.313630Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T14:02:51.483Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vantage6",
          "vendor": "vantage6",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-708",
              "description": "CWE-708: Incorrect Ownership Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-11T19:30:43.808Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6"
        },
        {
          "name": "https://github.com/vantage6/vantage6/pull/748",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vantage6/vantage6/pull/748"
        },
        {
          "name": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400"
        }
      ],
      "source": {
        "advisory": "GHSA-rf54-7qrr-96j6",
        "discovery": "UNKNOWN"
      },
      "title": "Deleting a collaboration should also delete linked resources"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-41881",
    "datePublished": "2023-10-11T19:30:43.808Z",
    "dateReserved": "2023-09-04T16:31:48.224Z",
    "dateUpdated": "2024-09-17T14:02:51.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.0.0\", \"matchCriteriaId\": \"21C07998-FF3A-4F49-B6B7-97E89CB0A6B4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.\"}, {\"lang\": \"es\", \"value\": \"vantage6 es una infraestructura de aprendizaje federada que preserva la privacidad. Cuando se elimina una colaboraci\\u00f3n, se deben eliminar los recursos vinculados (como las tareas de esa colaboraci\\u00f3n). Esto es en parte para administrar los datos correctamente, pero tambi\\u00e9n para evitar un efecto secundario potencial (pero poco probable) que afecte a las versiones anteriores a la 4.0.0, donde si se elimina una colaboraci\\u00f3n con id=10 y posteriormente se crea una nueva colaboraci\\u00f3n con id =10, los usuarios autenticados en esa colaboraci\\u00f3n podr\\u00edan ver los resultados de la colaboraci\\u00f3n eliminada en algunos casos. La versi\\u00f3n 4.0.0 contiene un parche para este problema. No se conocen workarounds.\"}]",
      "id": "CVE-2023-41881",
      "lastModified": "2024-11-21T08:21:50.647",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.6, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2023-10-11T20:15:10.617",
      "references": "[{\"url\": \"https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/vantage6/vantage6/pull/748\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/vantage6/vantage6/pull/748\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-708\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-41881\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-11T20:15:10.617\",\"lastModified\":\"2024-11-21T08:21:50.647\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.\"},{\"lang\":\"es\",\"value\":\"vantage6 es una infraestructura de aprendizaje federada que preserva la privacidad. Cuando se elimina una colaboraci\u00f3n, se deben eliminar los recursos vinculados (como las tareas de esa colaboraci\u00f3n). Esto es en parte para administrar los datos correctamente, pero tambi\u00e9n para evitar un efecto secundario potencial (pero poco probable) que afecte a las versiones anteriores a la 4.0.0, donde si se elimina una colaboraci\u00f3n con id=10 y posteriormente se crea una nueva colaboraci\u00f3n con id =10, los usuarios autenticados en esa colaboraci\u00f3n podr\u00edan ver los resultados de la colaboraci\u00f3n eliminada en algunos casos. La versi\u00f3n 4.0.0 contiene un parche para este problema. No se conocen workarounds.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.6,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-708\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.0.0\",\"matchCriteriaId\":\"21C07998-FF3A-4F49-B6B7-97E89CB0A6B4\"}]}]}],\"references\":[{\"url\":\"https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/vantage6/vantage6/pull/748\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/vantage6/vantage6/pull/748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Deleting a collaboration should also delete linked resources\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-200\", \"lang\": \"en\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\", \"type\": \"CWE\"}]}, {\"descriptions\": [{\"cweId\": \"CWE-708\", \"lang\": \"en\", \"description\": \"CWE-708: Incorrect Ownership Assignment\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"NONE\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"scope\": \"CHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6\"}, {\"name\": \"https://github.com/vantage6/vantage6/pull/748\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/vantage6/vantage6/pull/748\"}, {\"name\": \"https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400\"}], \"affected\": [{\"vendor\": \"vantage6\", \"product\": \"vantage6\", \"versions\": [{\"version\": \"\u003c 4.0.0\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-10-11T19:30:43.808Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.\"}], \"source\": {\"advisory\": \"GHSA-rf54-7qrr-96j6\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:09:49.296Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6\"}, {\"name\": \"https://github.com/vantage6/vantage6/pull/748\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/vantage6/vantage6/pull/748\"}, {\"name\": \"https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-41881\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-17T13:49:13.313630Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-17T14:02:46.195Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-41881\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2023-09-04T16:31:48.224Z\", \"datePublished\": \"2023-10-11T19:30:43.808Z\", \"dateUpdated\": \"2024-09-17T14:02:51.483Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-RF54-7QRR-96J6

Vulnerability from github – Published: 2023-10-16 14:31 – Updated: 2024-11-18 23:12

Summary

vantage6 does not properly delete linked resources when deleting a collaboration

Details

When a collaboration is deleted in vantage6, the linked resources (such as tasks from that collaboration) are not properly deleted.

This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases, resulting in information disclosure.

Severity ?

3.7 (Low)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

1.0 (Low)


                  
                    CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vantage6"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-41881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-16T14:31:39Z",
    "nvd_published_at": "2023-10-11T20:15:10Z",
    "severity": "LOW"
  },
  "details": "When a collaboration is deleted in vantage6, the linked resources (such as tasks from that collaboration) are not properly deleted.\n\nThis is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases, resulting in information disclosure.",
  "id": "GHSA-rf54-7qrr-96j6",
  "modified": "2024-11-18T23:12:55Z",
  "published": "2023-10-16T14:31:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41881"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vantage6/vantage6/pull/748"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vantage6/vantage6/commit/cce9538f8b70e814c080dd0ae43b297f3af8a732"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2023-200.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vantage6/vantage6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "vantage6 does not properly delete linked resources when deleting a collaboration"
}

PYSEC-2023-200

Vulnerability from pysec - Published: 2023-10-11 20:15 - Updated: 2023-10-18 05:26

Details

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Impacted products

Name	purl
vantage6	pkg:pypi/vantage6

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vantage6",
        "purl": "pkg:pypi/vantage6"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.0",
        "0.0.0b0",
        "0.0.0b1",
        "0.0.0b3",
        "1.0.0",
        "1.0.0a1",
        "1.0.0a2",
        "1.0.0b10",
        "1.0.0b11",
        "1.0.0b12",
        "1.0.0b13",
        "1.0.0b14",
        "1.0.0b2",
        "1.0.0b3",
        "1.0.0b4",
        "1.0.0b5",
        "1.0.0b6",
        "1.0.0b7",
        "1.0.0b8",
        "1.0.0b9",
        "1.1.0",
        "1.1.0rc1",
        "1.1.0rc2",
        "1.2.0",
        "1.2.1",
        "1.2.2",
        "1.2.3",
        "1.2.3.post2",
        "2.0.0",
        "2.0.0.post1",
        "2.0.0a1",
        "2.0.0a2",
        "2.0.0a3",
        "2.0.1rc1",
        "2.0.1rc2",
        "2.1.0",
        "2.1.0rc1",
        "2.1.1",
        "2.2.0",
        "2.2.0b1",
        "2.2.0b2",
        "2.2.0b3",
        "2.2.0b4",
        "2.2.1",
        "2.2.10",
        "2.2.11",
        "2.2.12",
        "2.2.2",
        "2.2.3",
        "2.2.4",
        "2.2.5",
        "2.2.6",
        "2.2.7",
        "2.2.8",
        "2.2.9",
        "2.3.0",
        "2.3.0rc1",
        "2.3.0rc2",
        "2.3.0rc3",
        "2.3.0rc4",
        "2.3.0rc5",
        "2.3.1",
        "2.3.2",
        "2.3.2rc1",
        "2.3.3",
        "2.3.4",
        "2.3.5",
        "2.3.5b1",
        "3.0.0",
        "3.0.0b1",
        "3.0.0b2",
        "3.0.0b3",
        "3.0.0b4",
        "3.0.0b5",
        "3.0.0b6",
        "3.0.0b7",
        "3.0.0b8",
        "3.0.0rc1",
        "3.0.1",
        "3.0.2",
        "3.0.3",
        "3.0.4",
        "3.1.0",
        "3.1.0rc1",
        "3.1.0rc5",
        "3.1.0rc6",
        "3.1.0rc7",
        "3.1.0rc8",
        "3.1.0rc9",
        "3.1.1rc1",
        "3.1.1rc2",
        "3.10.0",
        "3.10.0rc1",
        "3.10.1",
        "3.10.3",
        "3.10.4",
        "3.11.0",
        "3.11.0rc1",
        "3.11.0rc2",
        "3.11.0rc3",
        "3.11.1",
        "3.2.0",
        "3.2.0rc1",
        "3.2.0rc2",
        "3.2.0rc3",
        "3.2.0rc4",
        "3.2.0rc5",
        "3.3.0",
        "3.3.0a0",
        "3.3.0rc1",
        "3.3.0rc2",
        "3.3.0rc3",
        "3.3.0rc4",
        "3.3.1",
        "3.3.2",
        "3.3.3",
        "3.3.4",
        "3.3.5",
        "3.3.6",
        "3.3.7",
        "3.3.7a2",
        "3.3.7a3",
        "3.3.8a1",
        "3.3.8a2",
        "3.3.8a4",
        "3.3.8a5",
        "3.3.8a6",
        "3.3.8a7",
        "3.3.8a8",
        "3.4.0",
        "3.4.0a1",
        "3.4.0a2",
        "3.4.0a3",
        "3.4.0a6",
        "3.4.1",
        "3.4.1a0",
        "3.4.1a1",
        "3.4.1a2",
        "3.4.1a3",
        "3.4.2",
        "3.4.2a0",
        "3.4.3",
        "3.5.0",
        "3.5.0rc1",
        "3.5.0rc2",
        "3.5.0rc3",
        "3.5.1",
        "3.5.2",
        "3.6.0",
        "3.6.1",
        "3.6.1rc1",
        "3.6.1rc2",
        "3.6.1rc3",
        "3.7.0",
        "3.7.0rc1",
        "3.7.0rc2",
        "3.7.1",
        "3.7.2",
        "3.7.3",
        "3.8.0",
        "3.8.0rc3",
        "3.8.1",
        "3.8.2",
        "3.8.2rc1",
        "3.8.3",
        "3.8.4",
        "3.8.5",
        "3.8.6",
        "3.8.7",
        "3.8.7rc1",
        "3.8.8",
        "3.8.8rc1",
        "3.8.8rc2",
        "3.8.8rc3",
        "3.9.0",
        "3.9.0rc2",
        "3.9.0rc4",
        "4.0.0a10",
        "4.0.0a2",
        "4.0.0a3",
        "4.0.0a4",
        "4.0.0a5",
        "4.0.0a6",
        "4.0.0a7",
        "4.0.0a8",
        "4.0.0a9"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-41881",
    "GHSA-rf54-7qrr-96j6"
  ],
  "details": "vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.",
  "id": "PYSEC-2023-200",
  "modified": "2023-10-18T05:26:18.112311+00:00",
  "published": "2023-10-11T20:15:00+00:00",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/vantage6/vantage6/pull/748"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2023-41881

Vulnerability from fkie_nvd - Published: 2023-10-11 20:15 - Updated: 2024-11-21 08:21

Severity ?

3.7 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400	Release Notes
security-advisories@github.com	https://github.com/vantage6/vantage6/pull/748	Patch
security-advisories@github.com	https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vantage6/vantage6/pull/748	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6	Third Party Advisory

Impacted products

	Vendor	Product	Version
	vantage6	vantage6	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21C07998-FF3A-4F49-B6B7-97E89CB0A6B4",
              "versionEndExcluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds."
    },
    {
      "lang": "es",
      "value": "vantage6 es una infraestructura de aprendizaje federada que preserva la privacidad. Cuando se elimina una colaboraci\u00f3n, se deben eliminar los recursos vinculados (como las tareas de esa colaboraci\u00f3n). Esto es en parte para administrar los datos correctamente, pero tambi\u00e9n para evitar un efecto secundario potencial (pero poco probable) que afecte a las versiones anteriores a la 4.0.0, donde si se elimina una colaboraci\u00f3n con id=10 y posteriormente se crea una nueva colaboraci\u00f3n con id =10, los usuarios autenticados en esa colaboraci\u00f3n podr\u00edan ver los resultados de la colaboraci\u00f3n eliminada en algunos casos. La versi\u00f3n 4.0.0 contiene un parche para este problema. No se conocen workarounds."
    }
  ],
  "id": "CVE-2023-41881",
  "lastModified": "2024-11-21T08:21:50.647",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-11T20:15:10.617",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/vantage6/vantage6/pull/748"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/vantage6/vantage6/pull/748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-708"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-41881

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-41881

Aliases

CVE-2023-41881

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-41881",
    "id": "GSD-2023-41881"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-41881"
      ],
      "details": "vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.",
      "id": "GSD-2023-41881",
      "modified": "2023-12-13T01:20:45.710998Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-41881",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "vantage6",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 4.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "vantage6"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-200",
                "lang": "eng",
                "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
              }
            ]
          },
          {
            "description": [
              {
                "cweId": "CWE-708",
                "lang": "eng",
                "value": "CWE-708: Incorrect Ownership Assignment"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6",
            "refsource": "MISC",
            "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6"
          },
          {
            "name": "https://github.com/vantage6/vantage6/pull/748",
            "refsource": "MISC",
            "url": "https://github.com/vantage6/vantage6/pull/748"
          },
          {
            "name": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
            "refsource": "MISC",
            "url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-rf54-7qrr-96j6",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-41881"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/vantage6/vantage6/pull/748",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/vantage6/vantage6/pull/748"
            },
            {
              "name": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
              "refsource": "MISC",
              "tags": [
                "Release Notes"
              ],
              "url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400"
            },
            {
              "name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-10-18T02:24Z",
      "publishedDate": "2023-10-11T20:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-41881 (GCVE-0-2023-41881)

GHSA-RF54-7QRR-96J6

PYSEC-2023-200

FKIE_CVE-2023-41881

GSD-2023-41881

Tags

Sightings

Nomenclature