Vulnerabilites related to clear - clearml_enterprise_server
Vulnerability from fkie_nvd
Published
2025-02-06 17:15
Modified
2025-09-05 17:32
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Summary
A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2024-2110 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2110 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
clear | clearml_enterprise_server | 3.22.5-1533 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:clear:clearml_enterprise_server:3.22.5-1533:*:*:*:*:*:*:*", "matchCriteriaId": "BAF76DBA-9034-4A07-B0EE-00A04B71EC06", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de cross-site scripting (XSS) en la funci\u00f3n de carga de conjuntos de datos de ClearML Enterprise Server 3.22.5-1533. Una solicitud HTTP especialmente manipulada puede generar un c\u00f3digo HTML arbitrario. Un atacante puede enviar una serie de solicitudes HTTP para activar esta vulnerabilidad." } ], "id": "CVE-2024-39272", "lastModified": "2025-09-05T17:32:43.667", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-02-06T17:15:18.647", "references": [ { "source": "talos-cna@cisco.com", "tags": [ "Third Party Advisory" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2110" } ], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "talos-cna@cisco.com", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-02-06 17:15
Modified
2025-09-05 17:44
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2024-2112 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2112 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
clear | clearml_enterprise_server | 3.22.5-1533 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:clear:clearml_enterprise_server:3.22.5-1533:*:*:*:*:*:*:*", "matchCriteriaId": "BAF76DBA-9034-4A07-B0EE-00A04B71EC06", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability." }, { "lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad Vault API de ClearML Enterprise Server 3.22.5-1533. Una solicitud HTTP especialmente manipulada puede provocar la lectura de b\u00f3vedas que se han deshabilitado previamente, lo que puede provocar la filtraci\u00f3n de credenciales confidenciales. Un atacante puede enviar una serie de solicitudes HTTP para activar esta vulnerabilidad." } ], "id": "CVE-2024-43779", "lastModified": "2025-09-05T17:44:10.310", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "talos-cna@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2025-02-06T17:15:19.160", "references": [ { "source": "talos-cna@cisco.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2112" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2112" } ], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "talos-cna@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-522" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2024-43779 (GCVE-0-2024-43779)
Vulnerability from cvelistv5
Published
2025-02-06 16:47
Modified
2025-02-12 19:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-02-06T19:02:35.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2112" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-43779", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-06T17:12:38.277510Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T19:51:09.384Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ClearML", "vendor": "ClearML", "versions": [ { "status": "affected", "version": "Enterprise Server 3.22.5-1533" } ] } ], "credits": [ { "lang": "en", "value": "Edwin Molenaar of Cisco Meraki Offensive Security Team" } ], "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-06T16:47:28.385Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2112", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2112" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2024-43779", "datePublished": "2025-02-06T16:47:28.385Z", "dateReserved": "2024-11-13T22:00:47.222Z", "dateUpdated": "2025-02-12T19:51:09.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-39272 (GCVE-0-2024-39272)
Vulnerability from cvelistv5
Published
2025-02-06 16:47
Modified
2025-02-12 19:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-02-06T19:02:34.698Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2110" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-39272", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-06T17:09:43.732521Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T19:51:09.249Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ClearML", "vendor": "ClearML", "versions": [ { "status": "affected", "version": "Enterprise Server 3.22.5-1533" } ] } ], "credits": [ { "lang": "en", "value": "Edwin Molenaar of Cisco Meraki Offensive Security Team" } ], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-06T16:47:29.134Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2110", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2110" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2024-39272", "datePublished": "2025-02-06T16:47:29.134Z", "dateReserved": "2024-11-13T21:55:27.557Z", "dateUpdated": "2025-02-12T19:51:09.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }