Vulnerability Description
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vantage6 | Vantage6-Ui | <= 4.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aPatch
- https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9wVendor Advisory
- https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aPatch
- https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9wVendor Advisory
FAQ
What is CVE-2024-24562?
CVE-2024-24562 is a vulnerability with a CVSS score of 5.4 (MEDIUM). vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected...
How severe is CVE-2024-24562?
CVE-2024-24562 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-24562?
Check the references section above for vendor advisories and patch information. Affected products include: Vantage6 Vantage6-Ui.