CVE-2024-24562

MEDIUM

vantage6-UI - Info Disclosure

Title source: llm

Description

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.

References (2)

[Vendor Advisory] https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w

[Patch] https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e

View Patch ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0012

EPSS Percentile 30.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-693 CWE-668

Status published

Products (1)

vantage6/vantage6-ui < 4.2.0

Published Mar 14, 2024

Tracked Since Feb 18, 2026