Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
clear clearml - vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Clear Clearml
4 Github repositories
8.8
CVSSv3
CVE-2024-24591
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.
Clear Clearml
9.8
CVSSv3
CVE-2024-24592
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote malicious user to arbitrarily access, create, modify and delete files.
Clear Clearml
8.8
CVSSv3
CVE-2024-24593
A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote malicious user to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnera...
Clear Clearml
5.4
CVSSv3
CVE-2024-24594
A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote malicious user to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.
Clear Clearml -
7.1
CVSSv3
CVE-2024-24595
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
Clear Clearml -
5.4
CVSSv3
CVE-2023-6778
Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server before 1.13.0.
Clear Clearml Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started