What is CVE-2023-22738?

CVE-2023-22738 is a vulnerability in vantage6, a privacy-preserving federated learning infrastructure, that allows users to be assigned to unintended organizations, potentially leading to unintended access.

How severe is the CVE-2023-22738 vulnerability?

The CVE-2023-22738 vulnerability has a severity score of 6.5, which is considered medium.

Which software versions are affected by CVE-2023-22738?

The CVE-2023-22738 vulnerability affects Vantage6 versions up to and excluding 3.6.1, versions between 3.7.0 and 3.7.3 (inclusive), and versions 3.8.0-rc1, 3.8.0-rc2, and 3.8.0-rc3.

How can I fix the CVE-2023-22738 vulnerability?

To fix the CVE-2023-22738 vulnerability, update your vantage6 installation to version 3.7.4 or later.

Where can I find more information about the CVE-2023-22738 vulnerability?

You can find more information about the CVE-2023-22738 vulnerability in the vantage6 GitHub repository, specifically in the commit 798aca1de142a4eca175ef51112e2235642f4f24 and the security advisory GHSA-vvjv-97j8-94xh.

Vulnerability/
CVE-2023-22738

medium

6.5

CWE

281

1/3/2023

10/3/2023

CVE-2023-22738

First published: Wed Mar 01 2023(Updated: )

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Vantage6 Vantage6	<3.6.1
Vantage6 Vantage6	>=3.7.0<=3.7.3
Vantage6 Vantage6	=3.8.0-rc1
Vantage6 Vantage6	=3.8.0-rc2
Vantage6 Vantage6	=3.8.0-rc3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-22738?
CVE-2023-22738 is a vulnerability in vantage6, a privacy-preserving federated learning infrastructure, that allows users to be assigned to unintended organizations, potentially leading to unintended access.
How severe is the CVE-2023-22738 vulnerability?
The CVE-2023-22738 vulnerability has a severity score of 6.5, which is considered medium.
Which software versions are affected by CVE-2023-22738?
The CVE-2023-22738 vulnerability affects Vantage6 versions up to and excluding 3.6.1, versions between 3.7.0 and 3.7.3 (inclusive), and versions 3.8.0-rc1, 3.8.0-rc2, and 3.8.0-rc3.
How can I fix the CVE-2023-22738 vulnerability?
To fix the CVE-2023-22738 vulnerability, update your vantage6 installation to version 3.7.4 or later.
Where can I find more information about the CVE-2023-22738 vulnerability?
You can find more information about the CVE-2023-22738 vulnerability in the vantage6 GitHub repository, specifically in the commit 798aca1de142a4eca175ef51112e2235642f4f24 and the security advisory GHSA-vvjv-97j8-94xh.

collector/nvd-index
vendor/vantage6
product/vantage6
canonical/vantage6 vantage6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.