CVE-2024-22200: vantage6-UI docker image leaks software version information
First published: Tue Jan 30 2024(Updated: )
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vantage6 | <4.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-22200?
CVE-2024-22200 is of moderate severity due to information disclosure from the nginx version leak.
How do I fix CVE-2024-22200?
To fix CVE-2024-22200, upgrade the vantage6-UI to version 4.2.0 or later.
What should I do if I cannot upgrade to version 4.2.0 for CVE-2024-22200?
If you cannot upgrade, you can mitigate CVE-2024-22200 by running the UI as an Angular application.
What does CVE-2024-22200 affect?
CVE-2024-22200 affects the vantage6-UI prior to version 4.2.0.
Is there a patch available for CVE-2024-22200?
Yes, a patch for CVE-2024-22200 is available in version 4.2.0 of the vantage6-UI.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/severity
- agent/remedy
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/vantage6
- canonical/vantage6