CVE-2023-22738 Information
Mar 05, 2023
cve
Description
vantage6 is a privacy-preserving federated learning infrastructure for secure insight exchange. Assigning an existing user to a different organization is currently possible. This may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they retain their permissions and might therefore be able to access resources they should not be allowed to access. This issue is patched in version 3.8.0.
Reference
https://github.com/vantage6/vantage6/security/advisories/GHSA-vvjv-97j8-94xh
https://github.com/vantage6/vantage6/commit/798aca1de142a4eca175ef51112e2235642f4f24