115 matches found
CVE-2024-39272
A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...
CVE-2024-43779
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP...
CVE-2024-43779
CVE-2024-43779 is a information-disclosure vulnerability in ClearML Enterprise Server 3.22.5-1533. The root cause is that the Vault API can expose disabled vault items, allowing an authenticated user to retrieve vault contents via API requests (notably GET /api/v2.30/users.get_vaults). Cisco Talo...
CVE-2024-43779
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP...
ClearML Server 安全漏洞
ClearML Server is an open source suite of tools from ClearML that simplifies machine learning workflows. A security vulnerability exists in ClearML Server version 3.22.5-1533. An attacker exploiting this vulnerability could gain access to sensitive information...
ClearML Server 安全漏洞
ClearML Server is an open source suite of tools from ClearML that simplifies machine learning workflows. A security vulnerability exists in ClearML Server version 3.22.5-1533. An attacker can exploit the vulnerability to execute arbitrary html code via a specially crafted HTTP request...
PT-2025-5836 · Unknown · Clearml Enterprise Server
Name of the Vulnerable Software and Affected Versions: ClearML Enterprise Server version 3.22.5-1533 Description: A cross-site scripting XSS issue exists in the dataset upload functionality. A specially crafted HTTP request can lead to arbitrary HTML code execution. An attacker can send a series ...
ClearML Vault API disabled vaults retrieval vulnerability
Talos Vulnerability Report TALOS-2024-2112 ClearML Vault API disabled vaults retrieval vulnerability February 6, 2025 CVE Number CVE-2024-43779 SUMMARY An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP...
ClearML dataset upload XSS vulnerability
Talos Vulnerability Report TALOS-2024-2110 ClearML dataset upload XSS vulnerability February 6, 2025 CVE Number CVE-2024-39272 SUMMARY A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can...
CVE-2024-24594
A cross-site scripting XSS vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...
Exploit for Deserialization of Untrusted Data in Clear Clearml
ClearML Exploit This repository contains a proof-of-concept e...
Exploit for Deserialization of Untrusted Data in Clear Clearml
Clearml-CVE-2024-24590 CVE-2024-24590 is a vulnerability that...
Exploit for Deserialization of Untrusted Data in Clear Clearml
Clearml-CVE-2024-24590 CVE-2024-24590 is a vulnerability that...
Exploit for Deserialization of Untrusted Data in Clear Clearml
CVE-2024-24590 Deserialization of untrusted data can occur in...
Exploit for Deserialization of Untrusted Data in Clear Clearml
ClearML Exploit Script This repository contains a Python expl...
Exploit for Deserialization of Untrusted Data in Clear Clearml
CVE-2024-24590-ClearML-RCE-Exploit Python script that exploit...
Exploit for Deserialization of Untrusted Data in Clear Clearml
...
Exploit for Deserialization of Untrusted Data in Clear Clearml
...
Insecure Deserialisation
clearml is vulnerable to Insecure Deserialisation. The vulnerability is due to Deserialisation of untrusted data. An attacker can upload a malicious pickle file via the project API to run arbitrary code on an end user's system...
Path Traversal
clearml is vulnerable to Path Traversal. The vulnerability is due to a lack of file path validation, which allows an attacker to craft a malicious dataset which writes files to arbitrary locations on the system...