Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vantage6 Improper Access Control vulnerability
Vulnerability Description
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
vantage6 代码问题漏洞
Vulnerability Description
vantage6是vantage6开源的一个用于 Secure Insight eXchange 的开源 priVAcy preserviNg federalTed leArningG 基础架构。 vantage6 3.3.3之前版本存在代码问题漏洞,该漏洞源于端点 /api/collaboration/{id}/task 用于收集某个协作的所有任务,要获取此类任务,用户应该有权查看协作并查看其中的任务,但是,目前用户仅具有查看协作的权限。
CVSS Information
N/A
Vulnerability Type
N/A