PT-2024-19000 · Vantage6 · Vantage6

Bartvanb · Published 2024-01-30 · Updated 2024-02-08 · CVE-2024-21653

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

vantage6 versions prior to 4.2.0

Description

The vantage6 technology is used to manage and deploy privacy-enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). By default, nodes and servers receive an SSH config that permits root login with password authentication. Although a proper deployment should not expose the SSH service, not all deployments are ideal, and the default configuration should be less permissive.

Recommendations

For versions prior to 4.2.0, remove the SSH part from the Dockerfile and rebuild the Docker image as a mitigation measure. For version 4.2.0 and later, no action is required, as this version patches the vulnerability.
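
A check for the permissive setting described above, as an added example that is not part of the advisory or the vantage6 project's code: it reads an sshd_config and reports whether root can log in with a password. The function names and sample configs are constructed for illustration, and the fallback values assume upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example: detect an sshd_config that lets root log in with a password.
# Limits (assumptions): reads only the global section (stops at the first
# Match block), does not follow Include, and falls back to upstream OpenSSH
# defaults (PermitRootLogin prohibit-password, PasswordAuthentication yes).

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it sees for a keyword; keywords are
# case-insensitive and may be written "Keyword value" or "Keyword=value".
effective_value() {
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        { sub(/^[ \t]+/, "") }               # strip indentation, re-split fields
        /^#/ || /^$/ { next }                # skip comments and blank lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# root_password_login_allowed FILE
# Succeeds (exit 0) when both settings resolve to "yes".
root_password_login_allowed() {
    prl=$(effective_value "$1" PermitRootLogin prohibit-password)
    pwa=$(effective_value "$1" PasswordAuthentication yes)
    [ "$prl" = yes ] && [ "$pwa" = yes ]
}

# audit FILE: print a one-line verdict for a config file.
audit() {
    if root_password_login_allowed "$1"; then
        echo "FAIL $1: root login with password is permitted"
    else
        echo "OK   $1: root password login is not permitted"
    fi
}

# Constructed sample configs (not taken from the vantage6 images).
tmp=$(mktemp -d)
printf 'Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n' > "$tmp/permissive"
printf 'PermitRootLogin prohibit-password\nPasswordAuthentication no\n' > "$tmp/hardened"
audit "$tmp/permissive"
audit "$tmp/hardened"
rm -rf "$tmp"
```

On a running host or inside a built image, `sshd -T` prints the configuration sshd actually loads and is the authoritative check.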

Exploit

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2024-21653
GHSA-2WGC-48G2-CJ5W
PYSEC-2024-33
PYSEC-2024-34

Affected Products

Vantage6