CVE-2024-24562

MEDIUM · CVSS 3.1: 5.3 · EPSS 26.8%
Published Mar 14, 2024 (2y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

vantage6-UI is the official user interface for the vantage6 server. In affected versions, a number of security headers are not set. This issue has been addressed in commit `68dfa6614`, which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available, users may modify the Docker image build to insert the headers into nginx.

CVSS Details

Base Score 5.3
Exploitability 3.9
Impact 1.4
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
26.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-668
CWE-693

Affected Products 1

Vendor    Product      Version  Range
vantage6  vantage6-ui  *        ≤4.2.0

References 2

  • github.com https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e
    Patch
  • github.com https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w
    Vendor Advisory

Remediation

  • github.com https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e
    Patch