How severe is CVE-2023-28635?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2023-28635?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2023-28635

MEDIUM Year: 2023

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character.

CVE-2017-2599

MEDIUM

CVSS:5.4(Medium)

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't hav...

CWE-8632017

CVE-2018-1000106

MEDIUM

CVSS:5.4(Medium)

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall...

CWE-8632018

CVE-2018-10212

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.

CWE-8632018

CVE-2020-1725

MEDIUM

CVSS:5.4(Medium)

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access tok...

CWE-8632020

CVE-2020-26555

MEDIUM

CVSS:5.4(Medium)

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing withou...

CWE-8632020

CVE-2020-4794

MEDIUM

CVSS:5.4(Medium)

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensit...

CWE-8632020

CVE-2023-28635

Vulnerability Description

Related Vulnerabilities

CVE-2017-2599

CVE-2018-1000106

CVE-2018-10212

CVE-2020-1725

CVE-2020-26555

CVE-2020-4794