PT-2024-25015 · Vantage6 · Vantage6

Low · bartvanb · Published 2024-05-22 · Updated 2024-05-24 · CVE-2024-32969

CVSS v3.1: 2.7 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

vantage6 versions prior to 4.5.0rc3

Description

The issue allows collaboration administrators to add extra organizations to their collaboration, extending their influence. They can create new users for which they know the passwords and use this access to read task results of other collaborations that the included organization is involved in. This is limited to relatively trusted users with access to manage a collaboration, which reduces the impact.

Recommendations

For versions prior to 4.5.0rc3, update to version 4.5.0rc3 or later to resolve the issue. As a temporary workaround, consider restricting the ability of collaboration administrators to add new organizations or create new users until the update can be applied.

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2024-32969
GHSA-99R4-CJP4-3HMX

Affected Products

Vantage6