6 matches found
CVE-2024-24590
ClearML (Allegro AI) client SDK vulnerabilities: deserialization of untrusted data in versions 0.17.0–1.14.2 can allow remote code execution via a malicious pickle artifact. Root cause: unsafe Python pickle deserialization during artifact processing. Impact: arbitrary code execution/reverse shell...
CVE-2024-24593
CVE-2024-24593 describes a CSRF vulnerability in the api server component of Allegro AI’s ClearML platform, affecting all versions up to 1.14.1. An attacker can impersonate a legitimate user by issuing API requests from malicious HTML, enabling unauthorized access to confidential workspaces and f...
CVE-2024-24591
Summary of CVE-2024-24591 : A path traversal vulnerability affects Allegro AI’s ClearML platform client SDK versions 1.4.0 through 1.14.1. The issue arises when handling uploaded datasets, allowing a malicious dataset to write local or remote files to arbitrary locations on an end user’s system u...
CVE-2024-24592
The connected Nessus entry ties CVE-2024-24592 to ClearML’s fileserver, indicating an unauthenticated file access flaw in ClearML
CVE-2024-24595
CVE-2024-24595 affects Allegro AI ClearML (open-source) with a plaintext password storage flaw in the MongoDB instance, causing potential leakage of user emails and passwords. Root cause: credentials stored unencrypted in MongoDB. Impact: server compromise possible; confidentiality and integrity ...
CVE-2024-24594
CVE-2024-24594 describes a cross-site scripting (XSS) vulnerability in the web server component of Allegro AI’s ClearML platform. A remote attacker could execute JavaScript when a user views the Debug Samples tab in the web UI. The connected documents provide the vulnerability description but do ...