CVE-2024-32969

vantage6 collaboration admins can extend their influence by expanding the collaboration

Description

vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. This is only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3.

Category

2.7
CVSS
Severity: Low
CVSS 3.1 •
EPSS 0.12%
Affected: vantage6 vantage6
Published at:
Updated at:

References

Link Tags
https://github.com/vantage6/vantage6/security/advisories/GHSA-99r4-cjp4-3hmx
https://github.com/vantage6/vantage6/commit/27f4ee3fade5f4cbcf3e60899c9a2a91145e0b56

Frequently Asked Questions

What is the severity of CVE-2024-32969?
CVE-2024-32969 has been scored as a low severity vulnerability.
How to fix CVE-2024-32969?
To fix CVE-2024-32969, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-32969 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-32969 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-32969?
CVE-2024-32969 affects vantage6 vantage6.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.