How severe is CVE-2024-23823?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2024-23823?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-23823

MEDIUM Year: 2024

CVSS v3 Score

4.2

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.

CVE-2017-8196

MEDIUM

CVSS:4.2(Medium)

FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby queryin...

CWE-8632017

CVE-2018-0803

MEDIUM

CVSS:4.2(Medium)

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Micr...

CWE-8632018

CVE-2020-15248

MEDIUM

CVSS:4.2(Medium)

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" ...

CWE-8632020

CVE-2021-33881

MEDIUM

CVSS:4.2(Medium)

On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends ...

CWE-8632021

CVE-2024-7096

MEDIUM

CVSS:4.2(Medium)

A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions on...

CWE-8632024

CVE-2025-21553

MEDIUM

CVSS:4.2(Medium)

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privilege...

CWE-8632025

CVE-2024-23823

Vulnerability Description

Related Vulnerabilities

CVE-2017-8196

CVE-2018-0803

CVE-2020-15248

CVE-2021-33881

CVE-2024-7096

CVE-2025-21553