PT-2022-8712 · Webank · Webank Fate

Published: 2021-01-22 · Updated: 2022-06-28 · CVE-2020-25459

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WeBank FATE (Federated AI Technology Enabler) versions 0.1 through 1.4.2

Description

An issue in the sync_tree function in hetero_decision_tree_guest.py allows attackers to read sensitive information during the training process of machine learning joint modeling.

Recommendations

For WeBank FATE (Federated AI Technology Enabler) versions 0.1 through 1.4.2, consider disabling the sync_tree function in hetero_decision_tree_guest.py as a temporary workaround until a patch is available.

Fix

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

CVE-2020-25459
MGASA-2021-0049

Affected Products

Webank Fate