What is CVE-2023-41881?

CVE-2023-41881 is a low-severity vulnerability in Vantage6, classified under Information Disclosure. CVSS score: 3.7/10. Published 2023-10-11.

How severe is CVE-2023-41881?

Low severity. CVSS v3 base score is 3.7 out of 10.

Information disclosure in Vantage6

CVE-2023-41881

vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent…

Vulnerability class: Information Disclosure

EPSS: 0.001 (24.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N.

Affected products

Vantage6 — versions < 4.0.0

Weakness classification (CWE)

References

https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6 (x_refsource_CONFIRM)
https://github.com/vantage6/vantage6/pull/748 (x_refsource_MISC)
https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-41881?: CVE-2023-41881 is a low-severity vulnerability in Vantage6, classified under Information Disclosure. CVSS score: 3.7/10. Published 2023-10-11.
How severe is CVE-2023-41881?: Low severity. CVSS v3 base score is 3.7 out of 10.