logo

Database

Improper authorization control for web services In vantage6

Description

Improper Access Control in vantage6 node

Impact

Malicious algorithms can potentially access other algorithms input and output files.

Patches

Todo

Workarounds

Verify and restrict the algorithm containers that are allowed to run on your node. See here on how to do this.

References

https://docs.vantage6.ai/usage/running-the-node/security

For more information

If you have any questions or comments about this advisory:

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GHSA-x9f6-9rvm-mmrg2. GCVE-GHSA-x9f6-9rvm-mmrg

References

1. https://github.com/vantage6/vantage6/security/advisories/GHSA-x9f6-9rvm-mmrg2. https://github.com/vantage6/vantage6/issues/1932

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.