Security Headers Not Set in Affected Versions of vantage6-UI
CVE-2024-24562

5.3MEDIUM

Key Information:

Vendor: Vantage6
Status: Vantage6-ui
Vendor: CVE Published:; 14 March 2024

What is CVE-2024-24562?

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.

Affected Version(s)

vantage6-UI <= 4.2.0

References

https://github.com/vantage6/vantage6-UI/security/advisori...

x_refsource_CONFIRM

https://github.com/vantage6/vantage6-UI/commit/68dfa66141...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2024
Vulnerability Reserved
Jan 25, 2024

CVE-2024-24562 Data

JSON

Vantage6

What is CVE-2024-24562?

Affected Version(s)

References

CVSS V3.1

Timeline