Allegro.ai Clearml
6 CVEs affecting Allegro.ai Clearml. Latest disclosed: 2024-02-06. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-24594 | Critical | 9.9 | 2024-02-06 | A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a J… |
CVE-2024-24592 | Critical | 9.8 | 2024-02-06 | Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, mod… |
CVE-2024-24593 | Critical | 9.6 | 2024-02-06 | A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote att… |
CVE-2024-24591 | High | 8.0 | 2024-02-06 | A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write l… |
CVE-2024-24590 | High | 8.0 | 2024-02-06 | Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded ar… |
CVE-2024-24595 | Medium | 6.0 | 2024-02-05 | Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user email… |