CVE-2023-22738

Advisory

### Impact
Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access.

### Patches
Update to 3.8.0

### Workarounds
None

### References
None

### For more information
If you have any questions or comments about this advisory:
* Email us at [[email protected]](mailto:[email protected])

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/advisories/GHSA-vvjv-97j8-94xh
• https://nvd.nist.gov/vuln/detail/CVE-2023-22738
• https://github.com/vantage6/vantage6/security/advisories/GHSA-vvjv-97j8-94xh
• https://github.com/vantage6/vantage6/commit/798aca1de142a4eca175ef51112e2235642f4f24
• https://github.com/vantage6/vantage6
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22738