The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.
References
Configurations
History
21 Nov 2024, 08:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30 - Patch | |
References | () https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53 - Vendor Advisory |
08 Feb 2024, 16:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:* | |
CWE | CWE-203 | |
First Time |
Vantage6 vantage6
Vantage6 |
|
References | () https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30 - Patch | |
References | () https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53 - Vendor Advisory |
30 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-30 16:15
Updated : 2024-11-21 08:54
NVD link : CVE-2024-21671
Mitre link : CVE-2024-21671
CVE.ORG link : CVE-2024-21671
JSON object : View
Products Affected
vantage6
- vantage6