CVE-2023-23929

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-23929
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-23929.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-23929
Aliases
Published
2023-03-03T23:37:50.748Z
Modified
2026-04-16T04:11:00.873103Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Refresh tokens do not expire in Vantage6
Details

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0.

Database specific 
{
    "cwe_ids": [
        "CWE-613"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/23xxx/CVE-2023-23929.json"
}
References

Affected packages

Git / github.com/vantage6/vantage6

Affected ranges

Type
GIT
Repo
https://github.com/vantage6/vantage6
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
37fdb65014acab498e7d29894ee75d19aed7df6d
Fixed
48ebfca42359e9a6743e9598684585e2522cdce8
Database specific 
{
    "cpe": "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.0"
        }
    ]
}

Affected versions

v3.*
v3.4.0
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0a6
v3.4.1
v3.4.1a0
v3.4.1a1
v3.4.1a2
v3.4.1a3
v3.4.2
v3.4.2a0
v3.4.3
v3.5.0
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.2
v3.6.1
v3.6.1rc1
v3.6.1rc2
v3.6.1rc3
v3.7.0
v3.7.0rc1
v3.7.0rc2
v3.7.1
v3.7.2
v3.7.3
v3.8.0rc2
v3.8.0rc3
version/0.*
version/0.0.0b3
version/3.*
version/3.3.0
version/3.3.0rc1
version/3.3.0rc2
version/3.3.0rc3
version/3.3.0rc4
version/3.3.1
version/3.3.2
version/3.3.3
version/3.3.4
version/3.3.5
version/3.3.6
version/3.3.7
version/3.3.8a1
version/3.3.8a2
version/3.3.8a3
version/3.3.8a4
version/3.3.8a5
version/3.3.8a6
version/3.3.8a7
version/3.3.8a8
version/3.3.8a9
version/3.4.0
version/3.4.0a0
version/3.4.0a1
version/3.4.0a2
version/3.4.0a3
version/3.4.0a4
version/3.4.0a5
version/3.4.0a6
version/3.4.1
version/3.4.1a0
version/3.4.1a1
version/3.4.1a2
version/3.4.1a3
version/3.4.2
version/3.4.2a0
version/3.4.3
version/3.5.0
version/3.5.0rc2
version/3.5.0rc3
version/3.5.1
version/3.5.2
version/3.6.1
version/3.6.1rc1
version/3.6.1rc2
version/3.6.1rc3
version/3.7.0
version/3.7.0rc1
version/3.7.0rc2
version/3.7.1
version/3.7.2
version/3.7.3
version/3.8.0rc2
version/3.8.0rc3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-23929.json"