CVE-2024-22200: vantage6-UI docker image leaks software version information

3.3 CVSS

Description

vantage6-UI is the user interface for vantage6. The Docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an Angular application. This vulnerability was patched in 4.2.0.

Classification

CVE ID: CVE-2024-22200

CVSS Base Severity: LOW

CVSS Base Score: 3.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Affected Products

Vendor: vantage6

Product: vantage6-UI

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.13% (probability of being exploited)

EPSS Percentile: 34.24% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-30 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-22200
https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8
https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020

Timeline