Vantage6
Monthly
Improper access control in vantage6 nodes prior to version 5.0.0 allows malicious algorithm containers to read input and output files belonging to other algorithms running on the same node. This directly undermines the core privacy guarantee of the platform - a federated learning infrastructure explicitly designed for privacy-preserving analysis - by exposing sensitive intermediate data to adversarially crafted algorithms. No public exploit had been identified at the time of analysis, and a patch is available in version 5.0.0.
Default hardcoded admin credentials in vantage6 expose servers running versions prior to 5.0.0 to unauthorized administrative access by any network-accessible attacker who attempts the well-known username 'root' and password 'root'. The vantage6 server initializes with this superuser account on first deployment, and administrators who fail to change or delete it leave a predictable, trivially exploitable entry point. While not confirmed actively exploited (no CISA KEV listing), the predictability of the credential pair and the sensitivity of vantage6's federated privacy-preserving analytics data make this a meaningful operational risk for unpatched deployments.
vantage6 servers auto-generate JWT secret keys using UUID1, a predictable identifier scheme with no cryptographic strength, allowing attackers to forge authentication tokens and gain unauthorized access to the privacy-preserving analysis platform. This affects all vantage6 versions prior to 4.11.0 in which the operator has not manually defined a strong JWT secret. The vulnerability has a CVSS score of 7.5 with high confidentiality impact, as attackers can impersonate legitimate users without needing privileges or user interaction.
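The advisory above hinges on the difference between an identifier (UUID1 is derived from the host MAC address and a timestamp) and a signing key drawn from a CSPRNG. The following added example, which is not vantage6 code, shows a configuration check an operator could run against the secret in a server config: it flags a secret that parses as a version-1 UUID and generates a replacement with the standard library's `secrets` module. The function names and the length threshold are assumptions for this illustration.

```python
import secrets
import uuid

# Added example, not vantage6 code: audit a configured JWT secret and show
# how a strong replacement should be generated instead of a UUID1.


def is_weak_uuid1_secret(secret: str) -> bool:
    """Return True if the secret parses as a version-1 UUID.

    A UUID1 encodes a 60-bit timestamp plus the node's MAC address, so most
    of its bits are guessable and it must not be used as an HMAC signing key.
    """
    try:
        parsed = uuid.UUID(secret)
    except (ValueError, AttributeError, TypeError):
        return False
    return parsed.version == 1


def generate_jwt_secret(nbytes: int = 48) -> str:
    """Generate a signing secret from the OS CSPRNG via the secrets module."""
    return secrets.token_urlsafe(nbytes)


def example_uuid1_secret() -> str:
    """A constructed weak secret of the kind the advisory describes."""
    return str(uuid.uuid1())


def audit_secret(secret: str) -> str:
    """Classify a configured secret for an operator's sanity check.

    The 32-character floor is an assumed operational minimum for HS256 keys.
    """
    if is_weak_uuid1_secret(secret):
        return "weak: UUID1-derived secret, rotate it"
    if len(secret) < 32:
        return "weak: too short for an HMAC signing key"
    return "ok"


if __name__ == "__main__":
    print(audit_secret(example_uuid1_secret()))   # weak: UUID1-derived ...
    print(audit_secret(generate_jwt_secret()))    # ok
```

Rotating the secret invalidates every token signed with the old one, so the check is best run before the server starts rather than as a hot-swap on a live deployment.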
A critical authentication bypass vulnerability in vantage6 (an open-source federated learning and privacy-enhancing technology framework) allows an attacker holding a valid authenticated session to brute-force user passwords through the change-password endpoint, which had no rate limiting or account lockout protection. An attacker can test candidate passwords without limit by calling the password change route repeatedly, receiving detailed error messages that reveal whether the supplied current password was correct. The vulnerability affects vantage6 versions prior to 4.11 and carries a CVSS score of 9.8 (critical severity).
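The two missing controls named in the advisory, a lockout after repeated failures and a uniform error message that does not confirm whether the current password was right, are easy to get wrong in isolation, so the added example below (not vantage6 code; the class, thresholds and hashing parameters are assumptions for illustration) puts them together in a small password-change handler. A constructed clock is included so the lockout window can be exercised without sleeping, and every failed attempt is written to an audit list that a detection rule could alert on.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Added example, not vantage6 code: a password-change handler with lockout
# and a uniform error message. Thresholds below are assumed values.
MAX_FAILURES = 5          # failed current-password checks before lockout
LOCKOUT_SECONDS = 900     # lockout window
GENERIC_ERROR = "password change failed"   # same text for every failure


@dataclass
class AccountState:
    password_hash: bytes
    salt: bytes
    failures: int = 0
    locked_until: float = 0.0


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; iteration count chosen for a quick demo."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class FakeClock:
    """Constructed clock so tests can advance time deterministically."""

    def __init__(self, start: float = 1_000_000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class PasswordChangeGuard:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock
        self.accounts: Dict[str, AccountState] = {}
        self.audit_log: List[str] = []   # one line per failed or locked attempt

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[user] = AccountState(_hash(password, salt), salt)

    def change_password(self, user: str, current: str, new: str) -> Tuple[bool, str]:
        acct = self.accounts[user]
        now = self.clock()
        # While locked, do not even evaluate the supplied password: the
        # response must not differ between a right and a wrong guess.
        if now < acct.locked_until:
            self.audit_log.append(f"{user}: attempt during lockout")
            return False, GENERIC_ERROR
        if not hmac.compare_digest(_hash(current, acct.salt), acct.password_hash):
            acct.failures += 1
            self.audit_log.append(f"{user}: wrong current password ({acct.failures})")
            if acct.failures >= MAX_FAILURES:
                acct.locked_until = now + LOCKOUT_SECONDS
                acct.failures = 0
                self.audit_log.append(f"{user}: locked for {LOCKOUT_SECONDS}s")
            return False, GENERIC_ERROR
        # Success: reset the counter and re-salt the new password.
        acct.failures = 0
        acct.salt = secrets.token_bytes(16)
        acct.password_hash = _hash(new, acct.salt)
        return True, "ok"
```

Returning the same `GENERIC_ERROR` for a wrong password and for a locked account is the part that removes the oracle the advisory describes; the lockout alone would still leak correctness for the first few attempts. The `audit_log` entries are what a SIEM rule would key on: several "wrong current password" lines for one user inside a short window from an already authenticated session is a strong signal that a session token, not a password, has been stolen.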