Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.
History
Wed, 30 Oct 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Cvat, Cvat computer Vision Annotation Tool | |
CPEs | cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*:* | |
Vendors & Products | Cvat, Cvat computer Vision Annotation Tool | |
Metrics | cvssV3_1 | |
Mon, 30 Sep 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Mon, 30 Sep 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue. | |
Title | Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints | |
Weaknesses | CWE-79, CWE-81 | |
References | | |
Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-30T14:57:12.805Z
Updated: 2024-09-30T16:26:35.340Z
Reserved: 2024-09-17T17:42:37.028Z
Link: CVE-2024-47064
Vulnrichment
Updated: 2024-09-30T16:26:28.786Z
NVD
Status: Analyzed
Published: 2024-09-30T15:15:06.413
Modified: 2024-10-30T18:23:17.020
Link: CVE-2024-47064
Redhat
No data.