Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue.
History
Wed, 30 Oct 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Cvat; Cvat computer Vision Annotation Tool | |
CPEs | cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*:* | |
Vendors & Products | Cvat; Cvat computer Vision Annotation Tool | |
Mon, 30 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Mon, 30 Sep 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue. | |
Title | Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints | |
Weaknesses | CWE-863 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-30T15:00:53.528Z
Updated: 2024-09-30T15:45:56.182Z
Reserved: 2024-09-19T22:32:11.961Z
Link: CVE-2024-47172
Vulnrichment
Updated: 2024-09-30T15:45:47.020Z
NVD
Status: Analyzed
Published: 2024-09-30T15:15:06.523
Modified: 2024-10-30T18:20:58.270
Link: CVE-2024-47172
Redhat
No data.