Lucene search
6f8de1f0-f67e-45a6-b68f-98777fdb759cCVE-2024-24594HistoryFeb 06, 2024 - 3:15 p.m.
CVE-2024-24594
2024-02-0615:15:10
CWE-79
6f8de1f0-f67e-45a6-b68f-98777fdb759c
web.nvd.nist.gov
11
cve-2024-24594
xss
vulnerability
allegro ai
clearml
web server
security
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
20.4%
A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.
Affected configurations
Node
clearclearmlMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| clear:clearml | clear clearml | eq | - |
CNA Affected
[
{
"defaultStatus": "affected",
"packageName": "clearml-web",
"product": "ClearML",
"repo": "https://github.com/allegroai/clearml-web",
"vendor": "Allegro.AI",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-24594
2024-02-06 15:15:10
prion
prion
Cross site scripting
2024-02-06 15:15:00
cvelist
cvelist
CVE-2024-24594
2024-02-06 14:42:08
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
20.4%
Related for CVE-2024-24594