Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name : CVE-2024-37306
Vendor : Cve
First vendor Publication : 2024-06-13
Last vendor Modification : 2025-01-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Overall CVSS Score : 7.1
Base Score : 7.1
Impact Sub Score : 4.2
Exploitability Sub Score : 2.8
Temporal Score : 7.1
Environmental Score : 7.1

Attack Vector : Network
Attack Complexity : Low
Privileges Required : None
User Interaction : Required
Scope : Unchanged
Confidentiality Impact : High
Integrity Impact : Low
Availability Impact : None

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Cvss Impact Score : N/A
Cvss Exploit Score : N/A
Attack Range : N/A
Attack Complexity : N/A
Authentication : N/A

Detail

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Starting in version 2.2.0 and prior to version 2.14.3, if an attacker can trick a logged-in CVAT user into visiting a malicious URL, they can initiate a dataset export or a backup from a project, task or job that the victim user has permission to export into a cloud storage that the victim user has access to. The name of the resulting file can be chosen by the attacker. This implies that the attacker can overwrite arbitrary files in any cloud storage that the victim can access and, if the attacker has read access to the cloud storage used in the attack, they can obtain media files, annotations, settings and other information from any projects, tasks or jobs that the victim has permission to export. Version 2.14.3 contains a fix for the issue. No known workarounds are available.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37306

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 2

Sources (Detail)

https://github.com/cvat-ai/cvat/commit/5d36d10e493d92e893d7eae595544bcbe9cce1ce
https://github.com/cvat-ai/cvat/security/advisories/GHSA-jpf9-646h-4px7

Alert History

Date Information
2025-01-21 17:20:38
  • Multiple Updates
2024-11-25 09:24:53
  • Multiple Updates
2024-06-14 05:27:24
  • Multiple Updates
2024-06-13 21:27:25
  • First insertion