CVE-2022-39228

CVSS V2 None CVSS V3 None
Description
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.
Overview
  • CVE ID
  • CVE-2022-39228
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-01T17:15:10
  • Last Modified Date
  • 2023-03-09T00:56:31
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:* 1 OR 3.3.3 3.8.0
History
Created Old Value New Value Data Type Notes
2023-04-17 05:49:24 Added to TrackCVE
2023-04-17 05:49:26 Weakness Enumeration new