PyPi: Vantage6-Client

CVE-2023-41882

Safety vulnerability ID: 65240

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 11, 2023 Updated at Dec 11, 2024

Scan your Python projects for vulnerabilities →

Advisory

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.

Affected package

vantage6-client

Latest version: 4.8.1

Vantage6 client

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 4.3

CVSS v3 Details

MEDIUM 4.3

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): NONE
Availability Availability (A): NONE