CVE-2023-41882

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Oct 11, 2023

Updated: Oct 18, 2023

CWE ID 863

CWE ID 284

Summary

CVE-2023-41882 is a vulnerability affecting the vantage6 privacy-preserving federated learning infrastructure. Prior to version 4.0.0, the endpoint /api/collaboration/{id}/task was not properly secured, allowing unauthorized users with access to view the collaboration to collect all tasks within it. This issue was due to lacking checks for task-level permissions. Version 4.0.0 includes a patch to address this vulnerability, and no known workarounds exist for exploiting it before the patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Vantage6

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sj4IBy
https://www.cve.org/CVERecord?id=CVE-2023-41882
https://nvd.nist.gov/vuln/detail/CVE-2023-41882

Back to Vulnerability Database

CVE-2023-41882

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations