Unrated severityNVD Advisory· Published Mar 14, 2024· Updated Aug 1, 2024

Security headers not set in vantage6-UI

CVE-2024-24562

Description

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.

Affected products

Vantage6/Vantage6 Uiv5
Range: <= 4.2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2emitrex_refsource_MISC
github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9wmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000