All the vulnerabilites related to cvat-ai - cvat
cve-2024-45393
Vulnerability from cvelistv5
Published
2024-09-10 15:04
Modified
2024-09-10 19:25
Severity ?
EPSS score ?
Summary
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an "update:task" event), and the user who performed the action. In addition, the attacker can redeliver any past delivery of any webhook, and trigger a ping event for any webhook. Upgrade to CVAT 2.18.0 or any later version.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cvat-ai/cvat/security/advisories/GHSA-p3c9-m7jr-jxxj | x_refsource_CONFIRM | |
| https://github.com/cvat-ai/cvat/commit/0fafb797fdf022fb83ce81c6405ba19b583a236f | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:24:40.532104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:25:11.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an \"update:task\" event), and the user who performed the action. In addition, the attacker can redeliver any past delivery of any webhook, and trigger a ping event for any webhook. Upgrade to CVAT 2.18.0 or any later version."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:04:13.556Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-p3c9-m7jr-jxxj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-p3c9-m7jr-jxxj"
},
{
"name": "https://github.com/cvat-ai/cvat/commit/0fafb797fdf022fb83ce81c6405ba19b583a236f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cvat-ai/cvat/commit/0fafb797fdf022fb83ce81c6405ba19b583a236f"
}
],
"source": {
"advisory": "GHSA-p3c9-m7jr-jxxj",
"discovery": "UNKNOWN"
},
"title": "Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45393",
"datePublished": "2024-09-10T15:04:13.556Z",
"dateReserved": "2024-08-28T20:21:32.802Z",
"dateUpdated": "2024-09-10T19:25:11.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47172
Vulnerability from cvelistv5
Published
2024-09-30 15:00
Modified
2024-09-30 15:45
Severity ?
EPSS score ?
Summary
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cvat-ai/cvat/security/advisories/GHSA-gxhm-hg65-5gh2 | x_refsource_CONFIRM | |
| https://github.com/cvat-ai/cvat/commit/59ce6ca784a0d426b2cfb8cf2850ba1d520c03f5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T15:43:59.450814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T15:45:56.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.19.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T15:00:53.528Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-gxhm-hg65-5gh2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-gxhm-hg65-5gh2"
},
{
"name": "https://github.com/cvat-ai/cvat/commit/59ce6ca784a0d426b2cfb8cf2850ba1d520c03f5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cvat-ai/cvat/commit/59ce6ca784a0d426b2cfb8cf2850ba1d520c03f5"
}
],
"source": {
"advisory": "GHSA-gxhm-hg65-5gh2",
"discovery": "UNKNOWN"
},
"title": "Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47172",
"datePublished": "2024-09-30T15:00:53.528Z",
"dateReserved": "2024-09-19T22:32:11.961Z",
"dateUpdated": "2024-09-30T15:45:56.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37164
Vulnerability from cvelistv5
Published
2024-06-13 14:10
Modified
2024-08-02 03:50
Severity ?
EPSS score ?
Summary
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT account can exploit this feature by specifying URLs whose host part is an intranet IP address or an internal domain name. By doing this, the attacker may be able to probe the network that the CVAT backend runs in for HTTP(S) servers. In addition, if there is a web server on this network that is sufficiently API-compatible with an Amazon S3 or Azure Blob Storage endpoint, and either allows anonymous access, or allows authentication with credentials that are known by the attacker, then the attacker may be able to create a cloud storage linked to this server. They may then be able to list files on the server; extract files from the server, if these files are of a type that CVAT supports reading from cloud storage (media data (such as images/videos/archives), importable annotations or datasets, task/project backups); and/or overwrite files on this server with exported annotations/datasets/backups. The exact capabilities of the attacker will depend on how the internal server is configured. Users should upgrade to CVAT 2.14.3 to receive a patch. In this release, the existing SSRF mitigation measures are applied to requests to cloud providers, with access to intranet IP addresses prohibited by default. Some workarounds are also available. One may use network security solutions such as virtual networks or firewalls to prohibit network access from the CVAT backend to unrelated servers on your internal network and/or require authentication for access to internal servers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cvat-ai/cvat/security/advisories/GHSA-q684-4jjh-83g6 | x_refsource_CONFIRM | |
| https://github.com/cvat-ai/cvat/commit/f2346934c80bd91740f55c2788ef7d535a291d4c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cvat-ai:cvat:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.14.2",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T15:59:39.498525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T16:04:09.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:54.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-q684-4jjh-83g6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-q684-4jjh-83g6"
},
{
"name": "https://github.com/cvat-ai/cvat/commit/f2346934c80bd91740f55c2788ef7d535a291d4c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cvat-ai/cvat/commit/f2346934c80bd91740f55c2788ef7d535a291d4c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT account can exploit this feature by specifying URLs whose host part is an intranet IP address or an internal domain name. By doing this, the attacker may be able to probe the network that the CVAT backend runs in for HTTP(S) servers. In addition, if there is a web server on this network that is sufficiently API-compatible with an Amazon S3 or Azure Blob Storage endpoint, and either allows anonymous access, or allows authentication with credentials that are known by the attacker, then the attacker may be able to create a cloud storage linked to this server. They may then be able to list files on the server; extract files from the server, if these files are of a type that CVAT supports reading from cloud storage (media data (such as images/videos/archives), importable annotations or datasets, task/project backups); and/or overwrite files on this server with exported annotations/datasets/backups. The exact capabilities of the attacker will depend on how the internal server is configured. Users should upgrade to CVAT 2.14.3 to receive a patch. In this release, the existing SSRF mitigation measures are applied to requests to cloud providers, with access to intranet IP addresses prohibited by default. Some workarounds are also available. One may use network security solutions such as virtual networks or firewalls to prohibit network access from the CVAT backend to unrelated servers on your internal network and/or require authentication for access to internal servers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T14:16:42.293Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-q684-4jjh-83g6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-q684-4jjh-83g6"
},
{
"name": "https://github.com/cvat-ai/cvat/commit/f2346934c80bd91740f55c2788ef7d535a291d4c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cvat-ai/cvat/commit/f2346934c80bd91740f55c2788ef7d535a291d4c"
}
],
"source": {
"advisory": "GHSA-q684-4jjh-83g6",
"discovery": "UNKNOWN"
},
"title": "CVAT SSRF via custom cloud storage endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37164",
"datePublished": "2024-06-13T14:10:16.920Z",
"dateReserved": "2024-06-03T17:29:38.330Z",
"dateUpdated": "2024-08-02T03:50:54.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47063
Vulnerability from cvelistv5
Published
2024-09-30 14:45
Modified
2024-09-30 16:39
Severity ?
EPSS score ?
Summary
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cvat-ai/cvat/security/advisories/GHSA-2c85-39cc-2px9 | x_refsource_CONFIRM | |
| https://github.com/cvat-ai/cvat/commit/75c3d573bc9468b718f53b442c2ef69ad1d5de12 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cvat-ai:cvat:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"lessThanOrEqual": "2.19.0",
"status": "affected",
"version": "2.4.7",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47063",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T16:38:37.610076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T16:39:39.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.4.7, \u003c 2.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user\u0027s behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T14:45:02.035Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-2c85-39cc-2px9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-2c85-39cc-2px9"
},
{
"name": "https://github.com/cvat-ai/cvat/commit/75c3d573bc9468b718f53b442c2ef69ad1d5de12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cvat-ai/cvat/commit/75c3d573bc9468b718f53b442c2ef69ad1d5de12"
}
],
"source": {
"advisory": "GHSA-2c85-39cc-2px9",
"discovery": "UNKNOWN"
},
"title": "Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47063",
"datePublished": "2024-09-30T14:45:02.035Z",
"dateReserved": "2024-09-17T17:42:37.027Z",
"dateUpdated": "2024-09-30T16:39:39.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31188
Vulnerability from cvelistv5
Published
2022-08-01 00:00
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-7vpj-j5xv-29pr"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cvat-ai/cvat/commit/6fad1764efd922d99dbcda28c4ee72d071aa5a07"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/169814/CVAT-2.0-Server-Side-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"status": "affected",
"version": "\u003c 2.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-7vpj-j5xv-29pr"
},
{
"url": "https://github.com/cvat-ai/cvat/commit/6fad1764efd922d99dbcda28c4ee72d071aa5a07"
},
{
"url": "http://packetstormsecurity.com/files/169814/CVAT-2.0-Server-Side-Request-Forgery.html"
}
],
"source": {
"advisory": "GHSA-7vpj-j5xv-29pr",
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31188",
"datePublished": "2022-08-01T00:00:00",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:11:39.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37306
Vulnerability from cvelistv5
Published
2024-06-13 14:18
Modified
2024-08-02 03:50
Severity ?
EPSS score ?
Summary
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a project, task or job that the victim user has permission to export into a cloud storage that the victim user has access to. The name of the resulting file can be chosen by the attacker. This implies that the attacker can overwrite arbitrary files in any cloud storage that the victim can access and, if the attacker has read access to the cloud storage used in the attack, they can obtain media files, annotations, settings and other information from any projects, tasks or jobs that the victim has permission to export. Version 2.14.3 contains a fix for the issue. No known workarounds are available.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cvat-ai/cvat/security/advisories/GHSA-jpf9-646h-4px7 | x_refsource_CONFIRM | |
| https://github.com/cvat-ai/cvat/commit/5d36d10e493d92e893d7eae595544bcbe9cce1ce | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cvat:cvat:2.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cvat",
"vendor": "cvat",
"versions": [
{
"lessThan": "2.14.3",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T15:56:51.538326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T15:57:53.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:55.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-jpf9-646h-4px7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-jpf9-646h-4px7"
},
{
"name": "https://github.com/cvat-ai/cvat/commit/5d36d10e493d92e893d7eae595544bcbe9cce1ce",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cvat-ai/cvat/commit/5d36d10e493d92e893d7eae595544bcbe9cce1ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a project, task or job that the victim user has permission to export into a cloud storage that the victim user has access to. The name of the resulting file can be chosen by the attacker. This implies that the attacker can overwrite arbitrary files in any cloud storage that the victim can access and, if the attacker has read access to the cloud storage used in the attack, they can obtain media files, annotations, settings and other information from any projects, tasks or jobs that the victim has permission to export. Version 2.14.3 contains a fix for the issue. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T14:18:28.853Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-jpf9-646h-4px7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-jpf9-646h-4px7"
},
{
"name": "https://github.com/cvat-ai/cvat/commit/5d36d10e493d92e893d7eae595544bcbe9cce1ce",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cvat-ai/cvat/commit/5d36d10e493d92e893d7eae595544bcbe9cce1ce"
}
],
"source": {
"advisory": "GHSA-jpf9-646h-4px7",
"discovery": "UNKNOWN"
},
"title": "CVAT\u0027s export and backup-related API endpoints are susceptible to CSRF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37306",
"datePublished": "2024-06-13T14:18:28.853Z",
"dateReserved": "2024-06-05T20:10:46.497Z",
"dateUpdated": "2024-08-02T03:50:55.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-47064
Vulnerability from cvelistv5
Published
2024-09-30 14:57
Modified
2024-09-30 16:26
Severity ?
EPSS score ?
Summary
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cvat-ai/cvat/security/advisories/GHSA-hp6c-f34j-qjj7 | x_refsource_CONFIRM | |
| https://github.com/cvat-ai/cvat/commit/0bf45fd5de08a652dffbfb517318a64c2fdbc5cf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T16:26:18.596193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T16:26:35.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cvat",
"vendor": "cvat-ai",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.16.0, \u003c 2.19.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user\u0027s behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-81",
"description": "CWE-81: Improper Neutralization of Script in an Error Message Web Page",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T14:57:12.805Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-hp6c-f34j-qjj7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-hp6c-f34j-qjj7"
},
{
"name": "https://github.com/cvat-ai/cvat/commit/0bf45fd5de08a652dffbfb517318a64c2fdbc5cf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cvat-ai/cvat/commit/0bf45fd5de08a652dffbfb517318a64c2fdbc5cf"
}
],
"source": {
"advisory": "GHSA-hp6c-f34j-qjj7",
"discovery": "UNKNOWN"
},
"title": "Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47064",
"datePublished": "2024-09-30T14:57:12.805Z",
"dateReserved": "2024-09-17T17:42:37.028Z",
"dateUpdated": "2024-09-30T16:26:35.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}