Improper Access Control in vantage6

Low
frankcorneliusmartin published GHSA-gc57-xhh5-m94r Oct 11, 2023

Package

vantage6 (pip)

Affected versions

< 3.3.3

Patched versions

None

Description

Impact

The endpoint /api/collaboration/{id}/task returns all tasks in a given collaboration. To retrieve these tasks, a user should have permission both to view the collaboration and to view the tasks in it. Currently, however, the endpoint only checks whether the user has permission to view the collaboration.
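
The missing check described above, as an added sketch that is not vantage6's own code: a handler that only verifies collaboration access, beside one that also requires permission to view tasks. The User model, the (resource, operation) permission pairs, the handler names and the sample data are all hypothetical.

```python
from dataclasses import dataclass, field

# Constructed sample data: collaboration id -> task names.
TASKS = {1: ["task-a", "task-b"], 2: ["task-c"]}


class Forbidden(Exception):
    """Caller lacks a required permission (a 403 response in a real API)."""


@dataclass
class User:
    name: str
    # Hypothetical model: (resource, operation) pairs such as ("task", "view").
    permissions: set = field(default_factory=set)
    collaborations: set = field(default_factory=set)

    def can(self, resource: str, operation: str) -> bool:
        return (resource, operation) in self.permissions


def require_collaboration_view(user: User, collab_id: int) -> None:
    if not (user.can("collaboration", "view") and collab_id in user.collaborations):
        raise Forbidden("collaboration")


def list_tasks_incomplete(user: User, collab_id: int) -> list:
    """Behaviour described in the advisory: only the collaboration check runs."""
    require_collaboration_view(user, collab_id)
    return TASKS.get(collab_id, [])


def list_tasks_checked(user: User, collab_id: int) -> list:
    """Both permissions are required before any task is returned."""
    require_collaboration_view(user, collab_id)
    if not user.can("task", "view"):
        raise Forbidden("task")
    return TASKS.get(collab_id, [])


def is_denied(handler, user: User, collab_id: int) -> bool:
    """Regression-test helper: True when the handler rejects the request."""
    try:
        handler(user, collab_id)
    except Forbidden:
        return True
    return False
```

A regression test for this class of bug exercises a user who holds the collaboration permission but not the task permission and expects a denial.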

Patches

No

Workarounds

None

References

None

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2023-41882

Weaknesses