PT-2023-18679 · Vantage6 · Vantage6

Frankcorneliusmartin · Published 2023-02-28 · Updated 2023-03-10 · CVE-2023-22738

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 3.8.0
Description: vantage6 is a privacy-preserving federated learning infrastructure for secure insight exchange. In affected versions an existing user can be assigned to a different organization. Because the user's roles and rules are not revoked or re-evaluated when the organization changes, a user moved (for example, by mistake) from one organization to another keeps the permissions granted in the original organization and may be able to access the new organization's data that they should not be allowed to see. The weakness is improper preservation of permissions across a change of the user's security context.
Recommendations: For versions prior to 3.8.0, update to version 3.8.0, which resolves the issue. Until the update is applied, restrict who can edit user accounts so that users are not reassigned between organizations, and review existing users whose organization has changed to confirm their roles and rules are still appropriate.
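To make the failure mode in the description and the intent of the recommendation concrete, here is an added illustration in Python (vantage6 is written in Python). It is not vantage6's own code and does not reproduce its data model, API or the actual change shipped in 3.8.0: `User`, `Result`, `can_view_result`, `update_user_vulnerable`, `update_user_fixed` and `update_user_revoke_on_move` are hypothetical names, and the sample users and results are constructed for the example. The vulnerable handler patches `organization_id` like any other attribute and leaves the user's organization-scoped rules intact; the two hardened variants either refuse the move or revoke those rules when the organization changes.

```python
"""Added example (not vantage6 code) of CWE-281, Improper Preservation of
Permissions, in a user-update handler that lets a user change organization.
All names and data below are hypothetical and constructed for illustration."""
from dataclasses import dataclass, field

# Rules are (operation, scope) pairs; "organization" scope means "within the
# organization the user currently belongs to". This mirrors the idea of
# organization-scoped permissions described in the advisory, not any real schema.
ORG_SCOPED_VIEW = ("result:view", "organization")


@dataclass
class User:
    id: int
    username: str
    organization_id: int
    rules: set = field(default_factory=set)


@dataclass
class Result:
    id: int
    organization_id: int
    payload: str


def can_view_result(user: User, result: Result) -> bool:
    """Organization-scoped authorization: the rule is evaluated against the
    user's *current* organization, so whatever organization the user record
    points at is the one the rule grants access to."""
    return ORG_SCOPED_VIEW in user.rules and user.organization_id == result.organization_id


def update_user_vulnerable(user: User, patch: dict) -> User:
    """Flawed handler: organization_id is updated like any other field and the
    rule set is carried over unchanged, so permissions granted in the old
    organization now apply to the new one."""
    if "organization_id" in patch:
        user.organization_id = patch["organization_id"]
    return user


class OrganizationChangeError(ValueError):
    """Raised when a patch tries to move a user to another organization."""


def update_user_fixed(user: User, patch: dict) -> User:
    """Hardened variant 1 (assumed remediation, for illustration): a user's
    organization is immutable through the update endpoint."""
    new_org = patch.get("organization_id", user.organization_id)
    if new_org != user.organization_id:
        raise OrganizationChangeError("users cannot be moved between organizations")
    return user


def update_user_revoke_on_move(user: User, patch: dict) -> User:
    """Hardened variant 2 (also assumed): allow the move but revoke every
    organization-scoped rule, since it was granted for the old organization."""
    new_org = patch.get("organization_id", user.organization_id)
    if new_org != user.organization_id:
        user.rules = {r for r in user.rules if r[1] != "organization"}
        user.organization_id = new_org
    return user


def demo() -> dict:
    """Walk through the scenario from the advisory with constructed data."""
    org2_result = Result(id=42, organization_id=2, payload="org 2 aggregated model")

    alice = User(1, "alice", organization_id=1, rules={ORG_SCOPED_VIEW})
    before = can_view_result(alice, org2_result)          # alice is in org 1: denied
    update_user_vulnerable(alice, {"organization_id": 2})
    after_vulnerable = can_view_result(alice, org2_result)  # rules kept: now allowed

    bob = User(2, "bob", organization_id=1, rules={ORG_SCOPED_VIEW})
    try:
        update_user_fixed(bob, {"organization_id": 2})
        fixed_rejected = False
    except OrganizationChangeError:
        fixed_rejected = True

    carol = User(3, "carol", organization_id=1, rules={ORG_SCOPED_VIEW})
    update_user_revoke_on_move(carol, {"organization_id": 2})
    after_revoke = can_view_result(carol, org2_result)    # moved, but rules revoked

    return {
        "before": before,
        "after_vulnerable": after_vulnerable,
        "fixed_rejected": fixed_rejected,
        "bob_organization_id": bob.organization_id,
        "after_revoke": after_revoke,
        "carol_rules": carol.rules,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the two hardened variants is the same: a change of organization is a change of security context, so permissions granted under the old context must not be carried over silently. Which of the two a real system should pick depends on whether moving users between organizations is a supported workflow at all; refusing the change is the smaller and safer fix, and is also what the temporary workaround (restricting user assignments) approximates procedurally.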


Weakness Enumeration

CWE-281: Improper Preservation of Permissions

Related Identifiers

CVE-2023-22738
GHSA-VVJV-97J8-94XH
PYSEC-2023-53

Affected Products

Vantage6