CVE-2024-24562

Summary

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.

Affected Software

VendorProductVersion RangeStatus
vantage6vantage6-UI<= 4.2.0affected

Weaknesses

  • CWE-693: CWE-693: Protection Mechanism Failure
  • CWE-668: CWE-668: Exposure of Resource to Wrong Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References