CVE-2024-24562: vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been...

Description

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Probability

0.35%

26.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Vantage6	Vantage6-Ui	<= 4.2.0

References

Timeline

Published: Mar 14, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-24562?

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.

How severe is CVE-2024-24562?

CVE-2024-24562 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.35% probability of exploitation in the next 30 days.

How do I fix CVE-2024-24562?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.