How severe is CVE-2022-39228?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-39228?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2022-39228 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0.

Related Vulnerabilities

CVE-2014-9720

MEDIUM

CVSS:6.5(Medium)

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determin...

CWE-2032014

CVE-2018-10919

MEDIUM

CVSS:6.5(Medium)

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential ...

CWE-2032018

CVE-2019-13456

MEDIUM

CVSS:6.5(Medium)

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks info...

CWE-2032019

CVE-2020-6400

MEDIUM

CVSS:6.5(Medium)

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2032020

CVE-2020-6473

MEDIUM

CVSS:6.5(Medium)

Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CWE-2032020

CVE-2021-0086

MEDIUM

CVSS:6.5(Medium)

Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

CWE-2032021