How severe is CVE-2024-24770?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-24770?

This is classified as CWE-208, which is a common weakness in software security.

CVE-2024-24770 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2014-125055

MEDIUM

CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing di...

CWE-2082014

CVE-2014-125056

MEDIUM

CVSS:5.3(Medium)

A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to obser...

CWE-2082014

CVE-2016-15015

MEDIUM

CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulatio...

CWE-2082016

CVE-2022-20752

MEDIUM

CVSS:5.3(Medium)

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauth...

CWE-2082022

CVE-2022-42288

MEDIUM

CVSS:5.3(Medium)

NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.

CWE-2082022

CVE-2023-1538

MEDIUM

CVSS:5.3(Medium)

Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.

CWE-2082023