exploitDog

CVE-2024-24595

Опубликовано: 05 фев. 2024

Источник: nvd

CVSS3: 6

CVSS3: 7.1

EPSS Низкий

Описание

Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.

Ссылки

https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/
Third Party Advisory
https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clear:clearml:-:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00024

Низкий

6 Medium

CVSS3

7.1 High

CVSS3

Дефекты

CWE-522

CWE-522

Связанные уязвимости

GHSA-gvqv-h7hh-6fcc

CVSS3: 6

github

около 2 лет назад

Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance

EPSS

Процентиль: 6%

0.00024

Низкий

6 Medium

CVSS3

7.1 High

CVSS3

Дефекты

CWE-522

CWE-522