CVE-2024-23823

MEDIUM4.2EPSS 0.20%

vantage6's CORS settings overly permissive

Published: 3/15/2024Modified: 3/15/2024

Description

### Impact The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies ### Patches No ### Workarounds No

Affected packages (1)

PyPI/vantage6from 0, < 4.3.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-23823
PATCHhttps://github.com/vantage6/vantage6
WEBhttps://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41
WEBhttps://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh