← volver
CVE-2024-24562

Security headers not set in vantage6-UI

CVSS 5.4 MEDIUMEPSS 0.3%CWE-668CWE-693
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Productos afectados
vantage6 · vantage6-UI

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2ehttps://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w