CVE-2022-39228

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-39228

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39228.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39228

Aliases

Published

2023-03-01T16:23:18.720Z

Modified

2026-04-10T04:51:13.548497Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Observable Response Discrepancy in vantage6

Details

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39228.json",
    "cwe_ids": [
        "CWE-203",
        "CWE-204"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/vantage6/vantage6

Affected ranges

Type: GIT
Repo: https://github.com/vantage6/vantage6
Events: Introduced

0f33cb19b0e3b179a5d79dffaefe12a245238bba

Fixed

37fdb65014acab498e7d29894ee75d19aed7df6d

Affected versions

v3.*

v3.4.0

v3.4.0a2

v3.4.0a3

v3.4.0a4

v3.4.0a6

v3.4.1

v3.4.1a0

v3.4.1a1

v3.4.1a2

v3.4.1a3

v3.4.2

v3.4.2a0

v3.4.3

v3.5.0

v3.5.0rc2

v3.5.0rc3

v3.5.1

v3.5.2

v3.6.1

v3.6.1rc1

v3.6.1rc2

v3.6.1rc3

v3.7.0

v3.7.0rc1

v3.7.0rc2

v3.7.1

v3.7.2

v3.7.3

v3.8.0rc2

v3.8.0rc3

version/3.*

version/3.3.3

version/3.3.4

version/3.3.5

version/3.3.6

version/3.3.7

version/3.3.8a1

version/3.3.8a2

version/3.3.8a3

version/3.3.8a4

version/3.3.8a5

version/3.3.8a6

version/3.3.8a7

version/3.3.8a8

version/3.3.8a9

version/3.4.0

version/3.4.0a0

version/3.4.0a1

version/3.4.0a2

version/3.4.0a3

version/3.4.0a4

version/3.4.0a5

version/3.4.0a6

version/3.4.1

version/3.4.1a0

version/3.4.1a1

version/3.4.1a2

version/3.4.1a3

version/3.4.2

version/3.4.2a0

version/3.4.3

version/3.5.0

version/3.5.0rc2

version/3.5.0rc3

version/3.5.1

version/3.5.2

version/3.6.1

version/3.6.1rc1

version/3.6.1rc2

version/3.6.1rc3

version/3.7.0

version/3.7.0rc1

version/3.7.0rc2

version/3.7.1

version/3.7.2

version/3.7.3

version/3.8.0rc2

version/3.8.0rc3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39228.json"