CVE-2024-23823
vantage6's CORS settings overly permissive
CVSS 3.1: 4.2 (MEDIUM) | EPSS: 0.20%
Description
### Impact

The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies.

### Patches

No

### Workarounds

No
How to fix CVE-2024-23823
To remediate CVE-2024-23823, upgrade the affected package to a fixed version below.
- Upgrade to 4.3.0 or later
Is CVE-2024-23823 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.3.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |