vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| vantage6-server(PyPI) | 0 | 4.11.0 | N/A |
CVSS Metrics
