PT-2024-2069 · Nginx+1

Bartvanb · Published 2024-01-30 · Updated 2024-02-08 · CVE-2024-22200

CVSS v2.0

5.0 (Medium)

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

vantage6-UI versions prior to 4.2.0

Description

The issue is related to insufficient protection of service data in the vantage6-UI interface, which can allow a remote attacker to gain unauthorized access to protected information. The docker image used to run the UI leaks the nginx version.

Recommendations

For versions prior to 4.2.0, to mitigate the vulnerability, users can run the UI as an Angular application. At the moment, there is no other information about additional mitigation measures for this vulnerability.

Weakness Enumeration

Information Disclosure

Related Identifiers

BDU:2024-01963
CVE-2024-22200
GHSA-8WXQ-346H-XMR8

Affected Products

Nginx
vantage6-UI