VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-det8-gewh-xbhe

Essentials
Severities (17)
References (7)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-det8-gewh-xbhe
Aliases	CVE-2024-22193 GHSA-rjmv-52mp-gjrr PYSEC-2024-32
Summary	The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0.
Status	Published
Exploitability	0.5
Weighted Severity	3.9
Risk	1.9
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-922	Insecure Storage of Sensitive Information
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00197	https://api.first.org/data/v1/epss?cve=CVE-2024-22193
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-rjmv-52mp-gjrr
cvssv3.1	3.5	https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2024-32.yaml
generic_textual	LOW	https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2024-32.yaml
cvssv3.1	3.5	https://github.com/vantage6/vantage6
generic_textual	LOW	https://github.com/vantage6/vantage6
cvssv3.1	3.5	https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074
cvssv3.1	4.3	https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074
generic_textual	LOW	https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074
ssvc	Track	https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074
cvssv3.1	3.5	https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr
cvssv3.1	4.3	https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr
cvssv3.1_qr	LOW	https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr
generic_textual	LOW	https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr
ssvc	Track	https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr
cvssv3.1	3.5	https://nvd.nist.gov/vuln/detail/CVE-2024-22193
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2024-22193

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-22193
		https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2024-32.yaml
		https://github.com/vantage6/vantage6
		https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074
		https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr
CVE-2024-22193		https://nvd.nist.gov/vuln/detail/CVE-2024-22193
GHSA-rjmv-52mp-gjrr		https://github.com/advisories/GHSA-rjmv-52mp-gjrr

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2024-32.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/vantage6/vantage6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:47:42Z/ Found at https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T19:47:42Z/ Found at https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-22193

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.41458
EPSS Score	0.00197
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T20:33:57.842311+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/vantage6/PYSEC-2024-32.yaml	38.6.0