Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-tkb7-qyaj-zfcz
Vulnerability ID VCID-tkb7-qyaj-zfcz
Aliases CVE-2022-39228
GHSA-36gx-9q6h-g429
GMS-2023-491
PYSEC-2023-313
PYSEC-2023-52
Summary vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-203 Observable Discrepancy
CWE-204 Observable Response Discrepancy
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.5 https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2
cvssv3.1 6.5 https://github.com/vantage6/vantage6/issues/59
cvssv3.1 6.5 https://github.com/vantage6/vantage6/pull/281
cvssv3.1 6.5 https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429
Reference id Reference type URL
https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2023-313.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/vantage6/PYSEC-2023-52.yaml
https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2
https://github.com/vantage6/vantage6/issues/59
https://github.com/vantage6/vantage6/pull/281
https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429
CVE-2022-39228 https://nvd.nist.gov/vuln/detail/CVE-2022-39228
GHSA-36gx-9q6h-g429 https://github.com/advisories/GHSA-36gx-9q6h-g429
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/vantage6/vantage6/commit/ab4381c35d24add06f75d5a8a284321f7a340bd2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/vantage6/vantage6/issues/59
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/vantage6/vantage6/pull/281
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/vantage6/vantage6/security/advisories/GHSA-36gx-9q6h-g429
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:18:25.596233+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/vantage6/PYSEC-2023-52.yaml 38.6.0