Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vantage6 Server JWT secret not cryptographically secure
Vulnerability Description
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.
CVSS Information
N/A
Vulnerability Type
使用不充分的随机数
Vulnerability Title
vantage6 安全特征问题漏洞
Vulnerability Description
vantage6是vantage6开源的一个用于 Secure Insight eXchange 的开源 priVAcy preserviNg federalTed leArningG 基础架构。 vantage6 4.11.0之前版本存在安全特征问题漏洞,该漏洞源于JWT密钥自动生成不安全,可能导致密钥预测。
CVSS Information
N/A
Vulnerability Type
N/A