CVE-2023-41882

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-41882

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41882.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-41882

Aliases

Published

2023-10-11T19:48:44.606Z

Modified

2026-04-10T05:01:21.785816Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

vantage6 Improper Access Control vulnerability

Details

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-284",
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41882.json"
}

References

Affected packages

Git / github.com/vantage6/vantage6

Affected ranges

Type: GIT
Repo: https://github.com/vantage6/vantage6
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7948b4b29f203df3b87f2f2a65bb44ee3e58433b

Affected versions

version/0.*

version/0.0.0b3

version/3.*

version/3.3.0

version/3.3.0rc1

version/3.3.0rc2

version/3.3.0rc3

version/3.3.0rc4

version/3.3.1

version/3.3.2

version/3.3.3

version/3.3.4

version/3.3.5

version/3.3.6

version/4.*

version/4.0.0a1

version/4.0.0a10

version/4.0.0a2

version/4.0.0a3

version/4.0.0a4

version/4.0.0a5

version/4.0.0a6

version/4.0.0a7

version/4.0.0a8

version/4.0.0a9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41882.json"