Bart van Beusekom

9 exploits Active since Nov 2023
CVE-2023-47631 WRITEUP HIGH WRITEUP
vantage6 < 4.1.2 - Insufficient Verification of Data Authenticity via Parent ID Bypass
vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a `parent_id` is set. A malicious party that breaches the server may modify it to set a fake `parent_id` and send a task of a non-whitelisted algorithm. The node will then execute it because the `parent_id` that is set prevents checks from being run. This impacts all servers that are breached by an expert user. This vulnerability has been patched in version 4.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 7.2
CVE-2024-21649 WRITEUP HIGH WRITEUP
vantage6 < 4.2.0 - Authenticated Remote Code Execution via Algorithm Environment Variables
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.
CVSS 8.8
CVE-2024-21653 WRITEUP MEDIUM WRITEUP
vantage6 < 4.2.0 - Improper Access Control via Default SSH Configuration
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the ssh part from the docker file and rebuilding the docker image. Version 4.2.0 patches the vulnerability.
CVSS 6.5
CVE-2024-21671 WRITEUP LOW WRITEUP
vantage6 < 4.2.0 - Observable Timing Discrepancy in Login Response
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.
CVSS 3.7
CVE-2024-22193 WRITEUP LOW WRITEUP
vantage6 < 4.2.0 - Insecure Storage of Sensitive Information
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0.
CVSS 3.5
CVE-2024-22200 WRITEUP LOW WRITEUP
vantage6-ui < 4.2.0 - Nginx Version Exposure
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.
CVSS 3.3
CVE-2024-23823 WRITEUP MEDIUM WRITEUP
vantage6 < 4.2.1 and >=0 < 4.3.0 - Permissive Cross-domain Security Policy
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.
CVSS 4.2
CVE-2024-24562 WRITEUP MEDIUM WRITEUP
vantage6-ui < 4.2.0 - Missing Security Headers
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.
CVSS 5.4
CVE-2024-32969 WRITEUP LOW WRITEUP
vantage6 < 4.5.0rc3 - Improper Access Control via Organization Addition
vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. This is only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3.
CVSS 2.7