Exploit Report

Exploit Report

Computer Security And Bug Information

CVE-2022-39228

Last Updated: March 9, 2023
CVECVE-2022-39228
CVE Title
Published Date2023-03-01T17:15Z
Modified Date2023-03-09T00:56Z
CWE TypeCWE-203
CVSS 3.xCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Descriptionvantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.
References
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites.
Reference URLhttps://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429
Reference DescriptionMISC https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429
Reference URLhttps://github.com/vantage6/vantage6/pull/281
Reference DescriptionMISC https://github.com/vantage6/vantage6/pull/281
Reference URLhttps://github.com/vantage6/vantage6/issues/59
Reference DescriptionMISC https://github.com/vantage6/vantage6/issues/59
Reference URLhttps://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2
Reference DescriptionMISC https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2
TagsVendor Advisory
Sources NIST MITRE

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles