CVE-2024-24770 - OpenCVE

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b
https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53
https://github.com/vantage6/vantage6/security/advisories/GHSA-5h3x-6gwf-73jm

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-14T18:47:46.804Z

Updated: 2024-06-04T17:43:03.585Z

Reserved: 2024-01-29T20:51:26.013Z

Link: CVE-2024-24770

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-03-14T19:15:49.973

Modified: 2024-03-14T20:11:36.180

Link: CVE-2024-24770

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24770", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-29T20:51:26.013Z", "datePublished": "2024-03-14T18:47:46.804Z", "dateUpdated": "2024-06-04T17:43:03.585Z"}, "containers": {"cna": {"title": "Username timing attack on recover password/MFA token in vantage6", "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "lang": "en", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-208", "lang": "en", "description": "CWE-208: Observable Timing Discrepancy", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-5h3x-6gwf-73jm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-5h3x-6gwf-73jm"}, {"name": "https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53", "tags": ["x_refsource_MISC"], "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53"}, {"name": "https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b", "tags": ["x_refsource_MISC"], "url": "https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b"}], "affected": [{"vendor": "vantage6", "product": "vantage6", "versions": [{"version": "<= 4.2.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-14T18:47:46.804Z"}, "descriptions": [{"lang": "en", "value": "vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-5h3x-6gwf-73jm", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24770", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-15T15:47:46.000923Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:43:03.585Z"}}]}}

{"descriptions": [{"lang": "en", "value": "vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "vantage6 es un framework de c\u00f3digo abierto creado para habilitar, administrar e implementar tecnolog\u00edas que mejoran la privacidad, como el aprendizaje federado y la computaci\u00f3n multipartita. Al igual que GHSA-45gq-q4xh-cp53, es posible encontrar qu\u00e9 nombres de usuario existen en vantage6 llamando a las rutas API `/recover/lost` y `/2fa/lost`. Estas rutas env\u00edan correos electr\u00f3nicos a los usuarios si han perdido su contrase\u00f1a o token MFA. Este problema se solucion\u00f3 en el commit \"aecfd6d0e\" y se espera que se incluya en versiones posteriores. Se recomienda a los usuarios que actualicen tan pronto como est\u00e9 disponible una nueva versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."}], "id": "CVE-2024-24770", "lastModified": "2024-03-14T20:11:36.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-14T19:15:49.973", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b"}, {"source": "security-advisories@github.com", "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53"}, {"source": "security-advisories@github.com", "url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-5h3x-6gwf-73jm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-208"}, {"lang": "en", "value": "CWE-362"}], "source": "security-advisories@github.com", "type": "Secondary"}]}