3 matches found
CVE-2024-37164
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...
CVE-2024-37164
CVE-2024-37164 affects CVAT up to version 2.14.3. An account-attached SSRF vulnerability allows specifying cloud-storage endpoints with intranet/internals names to probe CVAT’s network and, if a compatible web server exists on that network, possibly create a linked cloud storage and later list, e...