Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue.
History

Wed, 30 Oct 2024 18:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Cvat |
| | | Cvat computer Vision Annotation Tool |
| CPEs | | cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*:* |
| Vendors & Products | | Cvat |
| | | Cvat computer Vision Annotation Tool |

Mon, 30 Sep 2024 16:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 30 Sep 2024 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue. |
| Title | | Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints |
| Weaknesses | | CWE-863 |
| References | | |
| Metrics | | cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'} |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-09-30T15:00:53.528Z

Updated: 2024-09-30T15:45:56.182Z

Reserved: 2024-09-19T22:32:11.961Z

Link: CVE-2024-47172

Vulnrichment

Updated: 2024-09-30T15:45:47.020Z

NVD

Status: Analyzed

Published: 2024-09-30T15:15:06.523

Modified: 2024-10-30T18:20:58.270

Link: CVE-2024-47172

Redhat

No data.