PT-2024-19266 · Vantage6 · Vantage6

Low · bartvanb · Published 2024-01-30 · Updated 2024-02-08 · CVE-2024-22193

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

vantage6 versions prior to 4.2.0

Description

The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. This allows a user to accidentally create a task with sensitive input data that will then be stored unencrypted in a database.

Recommendations

For versions prior to 4.2.0, ensure that the encryption setting is correctly set when creating tasks in encrypted collaborations to prevent sensitive input data from being stored unencrypted in the database. As a temporary workaround, consider double-checking the encryption settings for each task created in an encrypted collaboration until a patch is applied.

Exploit

Fix

Insecure Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2024-22193
GHSA-RJMV-52MP-GJRR
PYSEC-2024-32

Affected Products

Vantage6