CVE-2024-24592

CVSS 9.8 CRITICAL · EPSS 1.0% · CWE-425
In short

The fileserver in ClearML doesn't require authentication, so anyone on the internet can read, create, change, or delete files without logging in. This puts all data stored in ClearML at risk.

Technical detail

Missing authentication in ClearML's fileserver component (classified under CWE-425) allows unauthenticated remote attackers to perform arbitrary file operations (read, write, delete) by accessing the service directly. No credentials or authorization checks are enforced, enabling complete compromise of file integrity and confidentiality.

Summary generated and translated by AI from the official description.
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Allegro.AI · ClearML
