CVE-2023-41881

Name of the Vulnerable Software and Affected Versions vantage6 versions prior to 4.0.0

Description vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources, such as tasks from that collaboration, should be deleted to manage data properly and prevent a potential side-effect. This side-effect could allow authenticated users in a new collaboration to see results of a deleted collaboration if the new collaboration has the same id as the deleted one.

Recommendations For versions prior to 4.0.0, update to version 4.0.0 to resolve the issue. As a temporary workaround, consider restricting access to collaborations and their linked resources to minimize the risk of information disclosure until a patch is applied.