CVE-2024-22200

Published: Jan 30, 2024Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.

Affected (1)

Products: Vantage6: Vantage6 Ui

Vantage6

1 product

Vantage6 Ui

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vantage6 Vantage6 Ui	Before 4.2.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020

Source: security-advisories@github.com

Patch

https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8

Source: security-advisories@github.com

Vendor Advisory

https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.