MEDIUM🇵🇱 Wersja polska

CVE-2024-24595

CVSS 6.0v3.1pub. 2024-02-05upd. 2024-11-21

Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
  • Clear Clearml

    APP
    Clear
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-24592CRITICAL9.8PL ✓ten sam produkt

Brak uwierzytelnienia w komponencie fileserver platformy ClearML

CVE-2024-24593CRITICAL9.6PL ✓ten sam produkt

CSRF w ClearML API Server — podszywanie się pod użytkownika

CVE-2024-24594CRITICAL9.9PL ✓ten sam produkt

XSS w ClearML — wykonanie JavaScript przez zakładkę Debug Samples

CVE-2024-24590HIGH8.0ten sam produkt

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s Cle...

CVE-2024-24591HIGH8.0ten sam produkt

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform ...