CVE-2024-24562
MEDIUMvantage6-UI - Info Disclosure
Title source: llmDescription
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.
Scores
CVSS v3
5.4
EPSS
0.0012
EPSS Percentile
31.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Classification
CWE
CWE-693
CWE-668
Status
published
Affected Products (1)
vantage6/vantage6-ui
< 4.2.0
Timeline
Published
Mar 14, 2024
Tracked Since
Feb 18, 2026