{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22200", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-08T04:59:27.371Z", "datePublished": "2024-01-30T15:56:43.527Z", "dateUpdated": "2024-08-01T22:35:34.944Z"}, "containers": {"cna": {"title": "vantage6-UI docker image leaks software version information", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8"}, {"name": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020", "tags": ["x_refsource_MISC"], "url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020"}], "affected": [{"vendor": "vantage6", "product": "vantage6-UI", "versions": [{"version": "< 4.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-30T15:56:43.527Z"}, "descriptions": [{"lang": "en", "value": "vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application.  This vulnerability was patched in 4.2.0.\n"}], "source": {"advisory": "GHSA-8wxq-346h-xmr8", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.944Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8"}, {"name": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vantage6:vantage6-ui:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDABDC62-80CD-4CBD-A86D-7C8A5F054290", "versionEndExcluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application.  This vulnerability was patched in 4.2.0.\n"}, {"lang": "es", "value": "vantage6-UI es la interfaz de usuario de vantage6. La imagen de la ventana acoplable utilizada para ejecutar la interfaz de usuario filtra la versi\u00f3n de nginx. Para mitigar la vulnerabilidad, los usuarios pueden ejecutar la interfaz de usuario como una aplicaci\u00f3n de angular. Esta vulnerabilidad fue parcheada en 4.2.0."}], "id": "CVE-2024-22200", "lastModified": "2024-11-21T08:55:47.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-30T16:15:48.553", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}