CVE-2023-47631

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-47631
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47631.json
Aliases
Published
2023-11-14T21:15:13Z
Modified
2023-11-30T07:06:19.419169Z
Details

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a parent_id is set. A malicious party that breaches the server may modify it to set a fake parent_id and send a task of a non-whitelisted algorithm. The node will then execute it because the parent_id that is set prevents checks from being run. This impacts all servers that are breached by an expert user. This vulnerability has been patched in version 4.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/vantage6/vantage6

Affected ranges

Type
GIT
Repo
https://github.com/vantage6/vantage6
Events
Introduced
0The exact introduced commit is unknown
Fixed

Affected versions

v0.*

v0.0.0

v3.*

v3.4.0
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0a6
v3.4.1
v3.4.1a0
v3.4.1a1
v3.4.1a2
v3.4.1a3
v3.4.2
v3.4.2a0
v3.4.3
v3.5.0
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.2
v3.6.1
v3.6.1rc1
v3.6.1rc2
v3.6.1rc3
v3.7.0
v3.7.0rc1
v3.7.0rc2
v3.7.1
v3.7.2
v3.7.3
v3.8.0
v3.8.0rc2
v3.8.0rc3
v3.8.1
v3.8.2
v3.8.2rc1

version/0.*

version/0.0.0
version/0.0.0b3

version/3.*

version/3.10.0
version/3.10.0rc1
version/3.10.1
version/3.10.2
version/3.10.3
version/3.10.4
version/3.11.0
version/3.11.0rc1
version/3.11.0rc2
version/3.11.0rc3
version/3.11.1
version/3.3.0
version/3.3.0rc1
version/3.3.0rc2
version/3.3.0rc3
version/3.3.0rc4
version/3.3.1
version/3.3.2
version/3.3.3
version/3.3.4
version/3.3.5
version/3.3.6
version/3.3.7
version/3.3.8a1
version/3.3.8a2
version/3.3.8a3
version/3.3.8a4
version/3.3.8a5
version/3.3.8a6
version/3.3.8a7
version/3.3.8a8
version/3.3.8a9
version/3.4.0
version/3.4.0a0
version/3.4.0a1
version/3.4.0a2
version/3.4.0a3
version/3.4.0a4
version/3.4.0a5
version/3.4.0a6
version/3.4.1
version/3.4.1a0
version/3.4.1a1
version/3.4.1a2
version/3.4.1a3
version/3.4.2
version/3.4.2a0
version/3.4.3
version/3.5.0
version/3.5.0rc1
version/3.5.0rc2
version/3.5.0rc3
version/3.5.1
version/3.5.2
version/3.6.1
version/3.6.1rc1
version/3.6.1rc2
version/3.6.1rc3
version/3.7.0
version/3.7.0rc1
version/3.7.0rc2
version/3.7.1
version/3.7.2
version/3.7.3
version/3.8.0
version/3.8.0rc1
version/3.8.0rc2
version/3.8.0rc3
version/3.8.1
version/3.8.2
version/3.8.2rc1
version/3.8.3
version/3.8.4
version/3.8.5
version/3.8.6
version/3.8.7
version/3.8.7rc1
version/3.8.8
version/3.8.8rc1
version/3.8.8rc2
version/3.8.8rc3
version/3.9.0
version/3.9.0rc1
version/3.9.0rc2
version/3.9.0rc3
version/3.9.0rc4

version/4.*

version/4.0.0
version/4.0.0a1
version/4.0.0a10
version/4.0.0a2
version/4.0.0a3
version/4.0.0a4
version/4.0.0a5
version/4.0.0a6
version/4.0.0a7
version/4.0.0a8
version/4.0.0a9
version/4.0.1
version/4.0.1rc1
version/4.0.1rc2
version/4.0.2
version/4.0.3
version/4.1.0
version/4.1.0b0
version/4.1.0b1
version/4.1.0rc0
version/4.1.1