CVE-2022-39228
CVSS V2 None
CVSS V3 None
Description
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.
Overview
- CVE ID
- CVE-2022-39228
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-01T17:15:10
- Last Modified Date
- 2023-03-09T00:56:31
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:* | 1 | OR | 3.3.3 | 3.8.0 |
References
Reference URL | Reference Tags |
---|---|
https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2 | Patch |
https://github.com/vantage6/vantage6/issues/59 | Issue Tracking Vendor Advisory |
https://github.com/vantage6/vantage6/pull/281 | Patch Vendor Advisory |
https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429 | Vendor Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-39228 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39228 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-17 05:49:24 | Added to TrackCVE | |||
2023-04-17 05:49:26 | Weakness Enumeration | new |