GHSA-45gq-q4xh-cp53

Suggest an improvement
Source
https://github.com/advisories/GHSA-45gq-q4xh-cp53
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-45gq-q4xh-cp53/GHSA-45gq-q4xh-cp53.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-45gq-q4xh-cp53
Aliases
Published
2024-01-30T20:56:48Z
Modified
2024-10-08T07:14:04.729406Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
vantage6 vulnerable to username timing attack
Details

Impact

It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks

Workarounds

No

Database specific
{
    "nvd_published_at": "2024-01-30T16:15:48Z",
    "cwe_ids": [
        "CWE-208"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T20:56:48Z"
}
References

Affected packages

PyPI / vantage6-server

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.0

Affected versions

0.*

0.0.0b0
0.0.0b1
0.0.0b3
0.0.0

1.*

1.0.0b2
1.0.0b3
1.0.0b4
1.0.0b5
1.0.0b6
1.0.0b7
1.0.0b8
1.0.0b9
1.0.0b11
1.0.0b12
1.0.0b13
1.0.0b14
1.0.0
1.0.1
1.2.0
1.2.1
1.2.2
1.2.3
1.2.3.post1

2.*

2.0.0a1
2.0.0a2
2.0.0a3
2.0.0
2.0.0.post1
2.0.1rc1
2.0.1rc2
2.1.0rc1
2.1.0
2.1.1
2.1.2
2.1.3b1
2.1.3b2
2.1.3b3
2.1.3b4
2.2.0b1
2.2.0b2
2.2.0b3
2.2.0b4
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.3.0rc1
2.3.0rc2
2.3.0rc3
2.3.0rc4
2.3.0rc5
2.3.0
2.3.1
2.3.2rc1
2.3.2
2.3.3
2.3.4
2.3.5b1
2.3.5

3.*

3.0.0b1
3.0.0b3
3.0.0b4
3.0.0b5
3.0.0b6
3.0.0b7
3.0.0b8
3.0.0rc1
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0rc1
3.1.0rc5
3.1.0rc6
3.1.0rc7
3.1.0rc8
3.1.0rc9
3.1.0
3.1.1rc1
3.1.1rc2
3.2.0rc1
3.2.0rc2
3.2.0rc3
3.2.0rc4
3.2.0rc5
3.2.0
3.3.0a0
3.3.0rc1
3.3.0rc2
3.3.0rc3
3.3.0rc4
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7a2
3.3.7a3
3.3.7
3.3.8a1
3.3.8a2
3.3.8a4
3.3.8a5
3.3.8a6
3.3.8a7
3.3.8a8
3.4.0a1
3.4.0a2
3.4.0a3
3.4.0a6
3.4.0
3.4.1a0
3.4.1a1
3.4.1a2
3.4.1a3
3.4.1
3.4.2a0
3.4.2
3.4.3
3.5.0rc1
3.5.0rc2
3.5.0rc3
3.5.0
3.5.1
3.5.2
3.6.0
3.6.1rc1
3.6.1rc2
3.6.1rc3
3.6.1
3.7.0rc1
3.7.0rc2
3.7.0
3.7.1
3.7.2
3.7.3
3.8.0rc3
3.8.0
3.8.1
3.8.2rc1
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7rc1
3.8.7
3.8.8rc1
3.8.8rc2
3.8.8rc3
3.8.8
3.9.0rc2
3.9.0rc4
3.9.0
3.10.0rc1
3.10.0
3.10.1
3.10.3
3.10.4
3.11.0rc1
3.11.0rc2
3.11.0rc3
3.11.0
3.11.1

4.*

4.0.0a2
4.0.0a3
4.0.0a4
4.0.0a5
4.0.0a6
4.0.0a7
4.0.0a8
4.0.0a9
4.0.0a10
4.0.0
4.0.1rc2
4.0.1
4.0.2
4.0.3
4.1.0b0
4.1.0b1
4.1.0rc0
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0rc1
4.2.0rc2