Lucene search
K
ClearClearml

6 matches found

CVE
CVE
added 2024/02/06 2:40 p.m.87 views

CVE-2024-24590

ClearML (Allegro AI) client SDK vulnerabilities: deserialization of untrusted data in versions 0.17.0–1.14.2 can allow remote code execution via a malicious pickle artifact. Root cause: unsafe Python pickle deserialization during artifact processing. Impact: arbitrary code execution/reverse shell...

8.8CVSS8.7AI score0.02452EPSS
CVE
CVE
added 2024/02/06 2:41 p.m.87 views

CVE-2024-24593

CVE-2024-24593 describes a CSRF vulnerability in the api server component of Allegro AI’s ClearML platform, affecting all versions up to 1.14.1. An attacker can impersonate a legitimate user by issuing API requests from malicious HTML, enabling unauthorized access to confidential workspaces and f...

9.6CVSS8.5AI score0.0038EPSS
CVE
CVE
added 2024/02/06 2:40 p.m.75 views

CVE-2024-24591

Summary of CVE-2024-24591 : A path traversal vulnerability affects Allegro AI’s ClearML platform client SDK versions 1.4.0 through 1.14.1. The issue arises when handling uploaded datasets, allowing a malicious dataset to write local or remote files to arbitrary locations on an end user’s system u...

8.8CVSS8.5AI score0.00798EPSS
CVE
CVE
added 2024/02/06 2:41 p.m.67 views

CVE-2024-24592

The connected Nessus entry ties CVE-2024-24592 to ClearML’s fileserver, indicating an unauthenticated file access flaw in ClearML

9.8CVSS9.4AI score0.00981EPSS
CVE
CVE
added 2024/02/05 9:15 p.m.56 views

CVE-2024-24595

CVE-2024-24595 affects Allegro AI ClearML (open-source) with a plaintext password storage flaw in the MongoDB instance, causing potential leakage of user emails and passwords. Root cause: credentials stored unencrypted in MongoDB. Impact: server compromise possible; confidentiality and integrity ...

7.1CVSS6.9AI score0.00255EPSS
CVE
CVE
added 2024/02/06 2:42 p.m.47 views

CVE-2024-24594

CVE-2024-24594 describes a cross-site scripting (XSS) vulnerability in the web server component of Allegro AI’s ClearML platform. A remote attacker could execute JavaScript when a user views the Debug Samples tab in the web UI. The connected documents provide the vulnerability description but do ...

9.9CVSS5.2AI score0.00594EPSS