What is the severity of CVE-2024-22193?

CVE-2024-22193 has a significant severity as it can lead to sensitive data being stored unencrypted in a database.

How do I fix CVE-2024-22193?

To fix CVE-2024-22193, ensure that input is properly encrypted before creating tasks in encrypted collaborations.

What type of software is affected by CVE-2024-22193?

CVE-2024-22193 affects versions of the Vantage6 software up to but not including version 4.2.0.

What data is exposed due to CVE-2024-22193?

CVE-2024-22193 may expose sensitive input data that is accidentally stored unencrypted in a database.

Can CVE-2024-22193 occur in environments using encryption?

Yes, CVE-2024-22193 can occur even in encrypted environments if there are no checks on the input encryption status.

Vulnerability/
CVE-2024-22193

medium

4.3

CWE

922

EPSS

0.045%

30/1/2024

1/8/2024

CVE-2024-22193: vantage6 unencrypted task can be created in encrypted collaboration

First published: Tue Jan 30 2024(Updated: )

### Impact There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. ### Workarounds This is not an issue with the normal workflow, only if e.g. a user with the python client sets encryption to the wrong value.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
pip/vantage6	<4.2.0	4.2.0
Vantage6	<4.2.0

Remedy

https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-22193?
CVE-2024-22193 has a significant severity as it can lead to sensitive data being stored unencrypted in a database.
How do I fix CVE-2024-22193?
To fix CVE-2024-22193, ensure that input is properly encrypted before creating tasks in encrypted collaborations.
What type of software is affected by CVE-2024-22193?
CVE-2024-22193 affects versions of the Vantage6 software up to but not including version 4.2.0.
What data is exposed due to CVE-2024-22193?
CVE-2024-22193 may expose sensitive input data that is accidentally stored unencrypted in a database.
Can CVE-2024-22193 occur in environments using encryption?
Yes, CVE-2024-22193 can occur even in encrypted environments if there are no checks on the input encryption status.

agent/weakness
agent/title
agent/type
agent/first-publish-date
agent/description
agent/author
agent/severity
agent/remedy
agent/softwarecombine
collector/github-advisory-latest
source/GitHub
alias/GHSA-rjmv-52mp-gjrr
alias/CVE-2024-22193
agent/software-canonical-lookup
agent/references
agent/event
collector/github-advisory
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/pip
vendor/vantage6
canonical/vantage6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.