The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.
References
Configurations
History
08 Feb 2024, 16:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:* | |
CWE | CWE-203 | |
First Time |
Vantage6 vantage6
Vantage6 |
|
References | () https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30 - Patch | |
References | () https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53 - Vendor Advisory |
30 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-30 16:15
Updated : 2024-02-08 16:42
NVD link : CVE-2024-21671
Mitre link : CVE-2024-21671
CVE.ORG link : CVE-2024-21671
JSON object : View
Products Affected
vantage6
- vantage6