CVE-2024-24562

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-24562

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24562.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-24562

Aliases

GHSA-gwq3-pvwq-4c9w

Published

2024-03-14T18:52:31.109Z

Modified

2026-04-10T05:09:50.034456Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Security headers not set in vantage6-UI

Details

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24562.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-668",
        "CWE-693"
    ]
}

References

Affected packages

Git / github.com/vantage6/vantage6-ui

Affected ranges

Type: GIT
Repo: https://github.com/vantage6/vantage6-ui
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

68dfa661415182da0e5717bd58db3d00aedcbd2e

Affected versions

version/3.*

version/3.3.6

version/3.3.6-post1

version/3.3.7

version/3.3.7-post1

version/3.3.7-post2

version/3.3.7-post3

version/3.4.0

version/3.5.0

version/3.5.1

version/3.5.2

version/3.5.3

version/3.6.0

version/3.6.1

version/3.7.0

version/3.7.1

version/3.8.0

version/4.*

version/4.0.2

version/4.0.3

version/4.0.4

version/4.1.0

version/4.2.0

version/4.3.0b1

version/4.3.0b2

version/4.3.0b3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24562.json"