CVE-2024-24769

Source
https://cve.org/CVERecord?id=CVE-2024-24769
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24769.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-24769
Aliases
Published
2026-06-17T22:07:59.310Z
Modified
2026-07-08T08:05:28.970465025Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Vantage6: No limit on emails sent for password/MFA reset
Details

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam sender. Note resetting the MFA token requires a correct password, so the potential impact for this is very low. Version 5.0.0 fixes the issue. No known workarounds are available.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24769.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-400"
    ]
}
References

Affected packages

Git / github.com/vantage6/vantage6

Affected ranges

Type
GIT
Repo
https://github.com/vantage6/vantage6
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.0.0"
        }
    ]
}

Affected versions

v3.*
v3.4.0
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0a6
v3.4.1
v3.4.1a0
v3.4.1a1
v3.4.1a2
v3.4.1a3
v3.4.2
v3.4.2a0
v3.4.3
v3.5.0
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.2
v3.6.1
v3.6.1rc1
v3.6.1rc2
v3.6.1rc3
v3.7.0
v3.7.0rc1
v3.7.0rc2
v3.7.1
v3.7.2
v3.7.3
v3.8.0rc2
v3.8.0rc3
version/0.*
version/0.0.0b3
version/3.*
version/3.10.0
version/3.10.1
version/3.10.2
version/3.10.3
version/3.10.4
version/3.3.0
version/3.3.0rc1
version/3.3.0rc2
version/3.3.0rc3
version/3.3.0rc4
version/3.3.1
version/3.3.2
version/3.3.3
version/3.3.4
version/3.3.5
version/3.3.6
version/3.3.7
version/3.3.8a1
version/3.3.8a2
version/3.3.8a3
version/3.3.8a4
version/3.3.8a5
version/3.3.8a6
version/3.3.8a7
version/3.3.8a8
version/3.3.8a9
version/3.4.0
version/3.4.0a0
version/3.4.0a1
version/3.4.0a2
version/3.4.0a3
version/3.4.0a4
version/3.4.0a5
version/3.4.0a6
version/3.4.1
version/3.4.1a0
version/3.4.1a1
version/3.4.1a2
version/3.4.1a3
version/3.4.2
version/3.4.2a0
version/3.4.3
version/3.5.0
version/3.5.0rc2
version/3.5.0rc3
version/3.5.1
version/3.5.2
version/3.6.1
version/3.6.1rc1
version/3.6.1rc2
version/3.6.1rc3
version/3.7.0
version/3.7.0rc1
version/3.7.0rc2
version/3.7.1
version/3.7.2
version/3.7.3
version/3.8.0rc2
version/3.8.0rc3
version/3.9.0
version/3.9.0rc1
version/3.9.0rc2
version/3.9.0rc3
version/3.9.0rc4
version/4.*
version/4.0.3
version/4.1.0
version/4.1.1
version/4.1.2
version/4.1.3
version/4.2.2
version/4.2.3
version/4.3.2
version/4.5.1
version/4.5.2
version/4.5.5
version/5.*
version/5.0.0a0
version/5.0.0a10
version/5.0.0a11
version/5.0.0a12
version/5.0.0a13
version/5.0.0a14
version/5.0.0a15
version/5.0.0a16
version/5.0.0a17
version/5.0.0a18
version/5.0.0a19
version/5.0.0a2
version/5.0.0a20
version/5.0.0a21
version/5.0.0a22
version/5.0.0a23
version/5.0.0a24
version/5.0.0a25
version/5.0.0a26
version/5.0.0a28
version/5.0.0a29
version/5.0.0a3
version/5.0.0a30
version/5.0.0a31
version/5.0.0a32
version/5.0.0a33
version/5.0.0a34
version/5.0.0a35
version/5.0.0a36
version/5.0.0a38
version/5.0.0a39
version/5.0.0a4
version/5.0.0a40
version/5.0.0a41
version/5.0.0a42
version/5.0.0a43
version/5.0.0a44
version/5.0.0a46
version/5.0.0a47
version/5.0.0a5
version/5.0.0a6
version/5.0.0a7
version/5.0.0a8
version/5.0.0a9
version/5.0.0b1
version/5.0.0rc1
version/5.0.0rc10
version/5.0.0rc2
version/5.0.0rc3
version/5.0.0rc4
version/5.0.0rc5
version/5.0.0rc6
version/5.0.0rc7
version/5.0.0rc8
version/5.0.0rc9
version/5.0.0rc91

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24769.json"