CVE-2023-22738

Source
https://cve.org/CVERecord?id=CVE-2023-22738
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22738.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-22738
Aliases
Published
2023-03-01T20:22:13.113Z
Modified
2026-04-10T04:55:27.244673Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Summary
Improper Preservation of Permissions in vantage6
Details

vantage6 is a privacy-preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. This may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access resources they should not be allowed to access. This issue is patched in version 3.8.0.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22738.json",
    "cwe_ids": [
        "CWE-281"
    ]
}
References

Affected packages

Git / github.com/vantage6/vantage6

Affected ranges

Type
GIT
Repo
https://github.com/vantage6/vantage6
Events

Affected versions

v3.*
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.8.0rc2
v3.8.0rc3
version/3.*
version/3.7.0
version/3.7.1
version/3.7.2
version/3.7.3
version/3.8.0rc2
version/3.8.0rc3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22738.json"