vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.
Published 2023-10-11 20:15:11
Updated 2023-10-18 02:24:32
Source GitHub, Inc.
View at NVD,   CVE.org
Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2023-41881

0.06%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 24 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-41881

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
4.3
MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.8
1.4
NIST
3.7
LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
0.6
2.7
GitHub, Inc.

CWE ids for CVE-2023-41881

References for CVE-2023-41881

Products affected by CVE-2023-41881

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!