GHSA-vvjv-97j8-94xh

Suggest an improvement
Source
https://github.com/advisories/GHSA-vvjv-97j8-94xh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-vvjv-97j8-94xh/GHSA-vvjv-97j8-94xh.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-vvjv-97j8-94xh
Aliases
Related
Published
2023-02-28T23:19:24Z
Modified
2024-11-18T23:25:20.831263Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
vantage6 vulnerable to Improper Preservation of Permissions
Details

Impact

Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access.

Patches

Update to 3.8.0

Workarounds

None

References

None

For more information

If you have any questions or comments about this advisory: * Email us at vantage6@iknl.nl

Database specific
{
    "nvd_published_at": "2023-03-01T21:15:00Z",
    "cwe_ids": [
        "CWE-281"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-28T23:19:24Z"
}
References

Affected packages

PyPI / vantage6

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.8.0

Affected versions

0.*

0.0.0b0
0.0.0b1
0.0.0b3
0.0.0

1.*

1.0.0a1
1.0.0a2
1.0.0b2
1.0.0b3
1.0.0b4
1.0.0b5
1.0.0b6
1.0.0b7
1.0.0b8
1.0.0b9
1.0.0b10
1.0.0b11
1.0.0b12
1.0.0b13
1.0.0b14
1.0.0
1.1.0rc1
1.1.0rc2
1.1.0
1.2.0
1.2.1
1.2.2
1.2.3
1.2.3.post2

2.*

2.0.0a1
2.0.0a2
2.0.0a3
2.0.0
2.0.0.post1
2.0.1rc1
2.0.1rc2
2.1.0rc1
2.1.0
2.1.1
2.2.0b1
2.2.0b2
2.2.0b3
2.2.0b4
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.3.0rc1
2.3.0rc2
2.3.0rc3
2.3.0rc4
2.3.0rc5
2.3.0
2.3.1
2.3.2rc1
2.3.2
2.3.3
2.3.4
2.3.5b1
2.3.5

3.*

3.0.0b1
3.0.0b2
3.0.0b3
3.0.0b4
3.0.0b5
3.0.0b6
3.0.0b7
3.0.0b8
3.0.0rc1
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.1.0rc1
3.1.0rc5
3.1.0rc6
3.1.0rc7
3.1.0rc8
3.1.0rc9
3.1.0
3.1.1rc1
3.1.1rc2
3.2.0rc1
3.2.0rc2
3.2.0rc3
3.2.0rc4
3.2.0rc5
3.2.0
3.3.0a0
3.3.0rc1
3.3.0rc2
3.3.0rc3
3.3.0rc4
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7a2
3.3.7a3
3.3.7
3.3.8a1
3.3.8a2
3.3.8a4
3.3.8a5
3.3.8a6
3.3.8a7
3.3.8a8
3.4.0a1
3.4.0a2
3.4.0a3
3.4.0a6
3.4.0
3.4.1a0
3.4.1a1
3.4.1a2
3.4.1a3
3.4.1
3.4.2a0
3.4.2
3.4.3
3.5.0rc1
3.5.0rc2
3.5.0rc3
3.5.0
3.5.1
3.5.2
3.6.0
3.6.1rc1
3.6.1rc2
3.6.1rc3
3.6.1
3.7.0rc1
3.7.0rc2
3.7.0
3.7.1
3.7.2
3.7.3
3.8.0rc3