Description
vantage6-UI is the official user interface for the vantage6 server. In affected versions, a number of security headers are not set. This issue has been addressed in commit `68dfa6614`, which is expected to be included in future releases. Users are advised to upgrade when a new release is made. Until an upgrade path is available, users may modify the Docker image build to insert the headers into nginx.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w
Scores
CVSS v3
5.4
EPSS
0.0035
EPSS Percentile
26.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-693
CWE-668
Status
published
Products (1)
vantage6/vantage6-ui
< 4.2.0
Published
Mar 14, 2024
Tracked Since
Feb 18, 2026