CVE-2023-41881
Summary
| CVE | CVE-2023-41881 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-11 20:15:00 UTC |
| Updated | 2023-10-18 02:24:00 UTC |
| Description | vantage6 is privacy-preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side effect that affects versions prior to 4.0.0: if a collaboration with id=10 is deleted, and a new collaboration is subsequently created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Deleting a collaboration should also delete linked resources · Advisory · vantage6/vantage6 · GitHub | MISC | github.com | |
| Add flag whether linked resources should be deleted in delete endpoin… by bartvanb · Pull Request #748 · vantage6/vantage6 · GitHub | MISC | github.com | |
| Release notes | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 995585 Python (Pip) Security Update for vantage6 (GHSA-rf54-7qrr-96j6)