Skip to main content

Vantage6 CVE-2023-23929

HIGH
Insufficient Session Expiration (CWE-613)
2023-03-04 security-advisories@github.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 04, 2023 - 00:15 nvd
HIGH 8.8

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 2 pypi packages depend on vantage6 (2 direct, 0 indirect)

Ecosystem-wide dependent count for version 3.8.0.

DescriptionNVD

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0.

AnalysisAI

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-613. vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0. Affected products include: Vantage6. Version information: version 3.8.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-23930 HIGH POC
7.2 Oct 11

vantage6 is privacy preserving federated learning infrastructure. Rated high severity (CVSS 7.2), this vulnerability is

CVE-2025-43863 CRITICAL
9.8 Jun 12

Critical authentication bypass vulnerability in vantage6 (an open-source federated learning and privacy-enhancing techno

CVE-2024-21653 CRITICAL
9.8 Jan 30

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Mul

CVE-2024-21649 HIGH
8.8 Jan 30

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Mul

CVE-2023-47631 HIGH
8.8 Nov 14

vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party

CVE-2025-43866 HIGH
7.5 Jun 12

vantage6 servers auto-generate JWT secret keys using UUID1, a predictable algorithm that lacks cryptographic strength, a

CVE-2026-54445 MEDIUM
6.9 Jun 17

Default hardcoded admin credentials in vantage6 expose servers running versions prior to 5.0.0 to unauthorized administr

CVE-2026-54533 MEDIUM
6.9 Jun 17

Improper access control in vantage6 nodes prior to version 5.0.0 allows malicious algorithm containers to read input and

CVE-2024-23823 MEDIUM
6.5 Mar 14

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Le

CVE-2023-22738 MEDIUM
6.5 Mar 01

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Rated medium severity (C

CVE-2023-28635 MEDIUM
5.4 Oct 11

vantage6 is privacy preserving federated learning infrastructure. Rated medium severity (CVSS 5.4), this vulnerability i

CVE-2024-24770 MEDIUM
5.3 Mar 14

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Le

Share

CVE-2023-23929 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy