CVE-2024-23823 – vantage6
Package
Manager: pip
Name: vantage6
Vulnerable Version: >=0 <4.3.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00197 (percentile: 0.41845)
Details
vantage6's CORS settings overly permissive
### Impact
The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies.
### Patches
No
### Workarounds
No
Metadata
Created: 2024-03-15T16:42:55Z
Modified: 2024-03-15T16:42:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-4946-85pr-fvxh/GHSA-4946-85pr-fvxh.json
CWE IDs: ["CWE-863", "CWE-942"]
Alternative ID: GHSA-4946-85pr-fvxh
Finding: F184
Auto approve: 1