114 matches found
CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...
CVE-2024-45393
Summary: CVAT prior to 2.18.0 is affected by a vulnerability where an account holder can access webhook delivery information for any webhook (including others’) and can redeliver past deliveries or trigger a ping event. The underlying issue is missing authorization for webhook delivery endpoints....
CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...
CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...
PT-2024-31597 · Unknown · Computer Vision Annotation Tool
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.18.0 Description: The Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook...
CVE-2024-37306
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
CVE-2024-37164
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...
CVE-2024-37306
CVAT (Computer Vision Annotation Tool) information disclosure via CSRF affects versions 2.2.0–2.14.3. The vulnerability enables an attacker who can lure a logged‑in CVAT user to a malicious URL to trigger a dataset export or backup from a project/task/job the user can export, directing output to ...
CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
CVE-2024-37306 CVAT's export and backup-related API endpoints are susceptible to CSRF
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a...
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...
CVE-2024-37164
CVE-2024-37164 affects CVAT up to version 2.14.3. An account-attached SSRF vulnerability allows specifying cloud-storage endpoints with intranet/internals names to probe CVAT’s network and, if a compatible web server exists on that network, possibly create a linked cloud storage and later list, e...
PT-2024-27464 · Cvat · Cvat
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions 2.2.0 through 2.14.3 Description: The issue allows an attacker to initiate a dataset export or a backup from a project, task, or job that the victim user has permission to export into a cloud...
CVE-2022-27234
Server-side request forgery in the CVAT software maintained by IntelR before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access...
CVE-2022-27234
Server-side request forgery in the CVAT software maintained by IntelR before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access...
Server side request forgery (ssrf)
Server-side request forgery in the CVAT software maintained by IntelR before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access...
CVE-2022-27234
Server-side request forgery in the CVAT software maintained by IntelR before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access...