Lucene search

6f8de1f0-f67e-45a6-b68f-98777fdb759cNVD:CVE-2024-24594

HistoryFeb 06, 2024 - 3:15 p.m.

CVE-2024-24594

2024-02-0615:15:10

CWE-79

6f8de1f0-f67e-45a6-b68f-98777fdb759c

web.nvd.nist.gov

cross-site scripting

web server

allegro ai

clearml

remote attacker

javascript payload

debug samples tab

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.4%

JSON

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.

Affected configurations

NVD

Node

clearclearmlMatch-

References

hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/