bart

3 exploits Active since Mar 2023
CVE-2023-22738 WRITEUP MEDIUM WRITEUP
vantage6 <3.8.0 - Privilege Escalation
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0.
CVSS 6.3
CVE-2023-23929 WRITEUP HIGH WRITEUP
vantage6 - Info Disclosure
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0.
CVSS 8.8
CVE-2023-23930 WRITEUP MEDIUM WRITEUP
vantage6 <4.0.0 - Code Injection
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround.
CVSS 5.5