Published: 01/08/2022 Updated: 08/12/2022

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

CVAT is an opensource interactive video and image annotation tool for computer vision. Versions before 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cvat cvat

#Exploit Title: CVAT 20 - SSRF (Server Side Request Forgery) #Exploit Author: Emir Polat #Vendor Homepage: githubcom/opencv/cvat #Version: < 200 #Tested On: Version 170 - Ubuntu 20044 LTS (GNU/Linux 540-122-generic x86_64) #CVE: CVE-2022-31188 # Description: #CVAT is an opensource interactive video and image annotation tool fo ...

CVAT version 20 suffers from a server-side request forgery vulnerability ...

CVE-2022-31188 - OpenCV CVAT (Computer Vision Annotation Tool) SSRF

CVE-2022-31188 CVE-2022-31188 - OpenCV CVAT (Computer Vision Annotation Tool) SSRF CVAT is an open source Computer Vision Annotation Tool developed by Intel Any user with "Task Create" authorization can trigger the SSRF vulnerability by sending a malicious HTTP request and gaining access to other open ports on the system The vulnerability was fixed with the 200 up

CWE-918 https://github.com/cvat-ai/cvat/commit/6fad1764efd922d99dbcda28c4ee72d071aa5a07 https://github.com/cvat-ai/cvat/security/advisories/GHSA-7vpj-j5xv-29pr http://packetstormsecurity.com/files/169814/CVAT-2.0-Server-Side-Request-Forgery.html https://nvd.nist.gov https://github.com/emirpolatt/CVE-2022-31188 https://www.exploit-db.com/exploits/51030

CVE-2022-31188

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect