Lucene search
K

114 matches found

Vulnrichment
Vulnrichment
added 2024/09/10 3:4 p.m.18 views

CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...

6.4CVSS6.9AI score0.00242EPSS
Exploits0References2
CVE
CVE
added 2024/09/10 3:4 p.m.51 views

CVE-2024-45393

Summary: CVAT prior to 2.18.0 is affected by a vulnerability where an account holder can access webhook delivery information for any webhook (including others’) and can redeliver past deliveries or trigger a ping event. The underlying issue is missing authorization for webhook delivery endpoints....

6.4CVSS6.3AI score0.00242EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/09/10 3:4 p.m.19 views

CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...

6.4CVSS0.00242EPSS
Exploits0References2
OSV
OSV
added 2024/09/10 3:4 p.m.19 views

CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...

6.4CVSS6.6AI score0.00242EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.8 views

PT-2024-31597 · Unknown · Computer Vision Annotation Tool

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.18.0 Description: The Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook...

6.4CVSS6.9AI score0.00242EPSS
Exploits0References8
NVD
NVD
added 2024/06/13 3:15 p.m.14 views

CVE-2024-37306

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS0.00206EPSS
Exploits0References2
NVD
NVD
added 2024/06/13 3:15 p.m.39 views

CVE-2024-37164

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...

8.5CVSS0.00347EPSS
Exploits0References2
CVE
CVE
added 2024/06/13 2:18 p.m.73 views

CVE-2024-37306

CVAT (Computer Vision Annotation Tool) information disclosure via CSRF affects versions 2.2.0–2.14.3. The vulnerability enables an attacker who can lure a logged‑in CVAT user to a malicious URL to trigger a dataset export or backup from a project/task/job the user can export, directing output to ...

7.1CVSS6.8AI score0.00206EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/13 2:18 p.m.23 views

CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS6.6AI score0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/13 2:18 p.m.50 views

CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS0.00206EPSS
Exploits0References2
OSV
OSV
added 2024/06/13 2:18 p.m.13 views

CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...

7.1CVSS6.5AI score0.00206EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/13 2:10 p.m.18 views

CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...

7.1CVSS7.2AI score0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/13 2:10 p.m.50 views

CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...

7.1CVSS0.00347EPSS
Exploits0References2
OSV
OSV
added 2024/06/13 2:10 p.m.31 views

CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...

7.1CVSS6.9AI score0.00347EPSS
Exploits0References4
CVE
CVE
added 2024/06/13 2:10 p.m.91 views

CVE-2024-37164

CVE-2024-37164 affects CVAT up to version 2.14.3. An account-attached SSRF vulnerability allows specifying cloud-storage endpoints with intranet/internals names to probe CVAT’s network and, if a compatible web server exists on that network, possibly create a linked cloud storage and later list, e...

8.5CVSS7AI score0.00347EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.3 views

PT-2024-27464 · Cvat · Cvat

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions 2.2.0 through 2.14.3 Description: The issue allows an attacker to initiate a dataset export or a backup from a project, task, or job that the victim user has permission to export into a cloud...

7.1CVSS6.8AI score0.00206EPSS
Exploits0References6
NVD
NVD
added 2023/02/16 9:15 p.m.31 views

CVE-2022-27234

Server-side request forgery in the CVAT software maintained by IntelR before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access...

6.5CVSS4.9AI score0.00453EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 9:15 p.m.4 views

CVE-2022-27234

Server-side request forgery in the CVAT software maintained by IntelR before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access...

6.5CVSS5.8AI score0.00453EPSS
Exploits0References1
Prion
Prion
added 2023/02/16 9:15 p.m.24 views

Server side request forgery (ssrf)

Server-side request forgery in the CVAT software maintained by IntelR before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access...

4CVSS6.2AI score0.00453EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/02/16 8:0 p.m.33 views

CVE-2022-27234

Server-side request forgery in the CVAT software maintained by IntelR before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access...

4.3CVSS6.5AI score0.00453EPSS
Exploits0References1
Rows per page
Query Builder