16 matches found
CVE-2025-48381
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality...
CVE-2025-48381 CVAT has information disclosure via browsable API
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality...
Computer Vision Annotation Tool 安全漏洞
Computer Vision Annotation Tool CVAT is a cvat.ai open source interactive video and image annotation tool for computer vision. A security vulnerability exists in Computer Vision Annotation Tool versions prior to 2.4.0 through 2.38.0, which stems from the possibility that an authenticated user may...
CVE-2024-47172
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as...
CVE-2025-23045
CVE-2025-23045 affects Computer Vision Annotation Tool (CVAT). An attacker with an account on an affected CVAT instance can execute arbitrary code in the Nuclio function container via serverless tracker functions (TransT and SiamMask); deployments with custom tracker functions may also be affecte...
CVE-2024-47064 Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access t...
CVE-2024-47063
CVAT (Computer Vision Annotation Tool) contains a stored XSS vulnerability via the quality report data endpoint. A malicious user with task-creation/edit permissions can lure another logged-in user to a crafted URL, potentially executing scripts in the victim’s browser. Affected versions are prio...
CVE-2024-47063 Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate a...
PT-2024-32382 · Unknown · Computer Vision Annotation Tool
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.19.0 Description: The issue allows an attacker to initiate API calls on behalf of a logged-in user if they can trick the user into visiting a maliciously-constructed URL. This gives the...
CVE-2024-45393
Summary: CVAT prior to 2.18.0 is affected by a vulnerability where an account holder can access webhook delivery information for any webhook (including others’) and can redeliver past deliveries or trigger a ping event. The underlying issue is missing authorization for webhook delivery endpoints....
CVE-2024-45393 Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains...
PT-2024-27348 · Microsoft +1 · Azure Blob Storage +1
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions 2.1.0 through 2.14.3 Description: The issue allows an attacker with a CVAT account to exploit a feature by specifying custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob...
Computer Vision Annotation Tool Advisory
Summary: A potential security vulnerability in the Computer Vision Annotation Tool CVAT software maintained by Intel® may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-27234 Description: Server-si...
CVAT 2.0 - Server Side Request Forgery
Exploit Title: CVAT 2.0 - SSRF Server Side Request Forgery Exploit Author: Emir Polat Vendor Homepage: https://github.com/opencv/cvat Version: 2.0.0 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS GNU/Linux 5.4.0-122-generic x8664 CVE: CVE-2022-31188 Description: CVAT is an opensource interactive...
CVE-2022-31188 Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT)
CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery SSRF vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to...
CVE-2022-31188 Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT)
CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery SSRF vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to...