PT-2023-32775 · Allegro Ai · Allegroai/Clearml-Server

Published: 2023-12-18 · Updated: 2024-02-08 · CVE-2023-6778

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: allegroai/clearml-server, versions prior to 1.13.0

Description: Stored Cross-site Scripting (XSS) affecting the ClearML Open Source Server. This server is not designed for public exposure and should be placed behind a company firewall or VPN. The vulnerability can only be exploited by a malicious party who has access to the internal network and holds a user's ClearML login credentials; the CVSS vector reflects this, requiring low privileges (PR:L) and user interaction (UI:R).

Recommendations: For versions prior to 1.13.0, update to version 1.13.0 or later to resolve the issue. As a temporary workaround, restrict access to the ClearML Open Source Server to minimize the risk of exploitation, ensuring it is reachable only from behind a company firewall or VPN.

Tags: XSS

Related Identifiers: CVE-2023-6778

Affected Products: Allegroai/Clearml-Server