CVE-2024-24562

Published: Mar 14, 2024Modified: Aug 6, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.

Affected (1)

Products: Vantage6: Vantage6 Ui

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vantage6 Vantage6 Ui	Up to 4.2.0

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (4)

https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e

Source: security-advisories@github.com

Patch

https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w

Source: security-advisories@github.com

Vendor Advisory

https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.