Cross-Site Request Forgery (CSRF) Vulnerability in Allegro AI's ClearML Platform Allows Remote Attacker to Impersonate Users
CVE-2024-24593

9.6 CRITICAL

Key Information:

Vendor: Allegro.ai
Status: Vendor
CVE Published: 6 February 2024

What is CVE-2024-24593?

A cross-site request forgery (CSRF) vulnerability exists in all versions up to 1.14.1 of the API server component of Allegro AI’s ClearML platform. This vulnerability enables remote attackers to impersonate legitimate users by sending crafted API requests through malicious HTML. The exploitation of this vulnerability poses risks such as unauthorized access to confidential workspaces, leakage of sensitive information, and potential targeting of ClearML platform instances, even within isolated networks. Organizations utilizing ClearML should prioritize patching this vulnerability to safeguard their data and maintain the integrity of their operations.

Affected Version(s)

ClearML 0 < 1.14.2

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved