PT-2024-20475 · Allegro AI · ClearML

Published: 2024-02-06 · Updated: 2024-02-15 · CVE-2024-24593

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Allegro AI's ClearML platform, versions prior to 1.14.1

Description: A cross-site request forgery (CSRF) vulnerability allows a remote attacker to impersonate a user by sending API requests via maliciously crafted HTML. This can lead to the compromise of confidential workspaces and files, leakage of sensitive information, and targeting of instances of the ClearML platform within closed-off networks.

Recommendations: For versions prior to 1.14.1, update to version 1.14.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the API server component to minimize the risk of exploitation. Additionally, be cautious when clicking on links or accessing HTML content from untrusted sources to avoid potential CSRF attacks.
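The description above is a classic CSRF pattern: a victim's browser, already holding a session for the API server, is made to issue a state-changing request from attacker-controlled HTML, which is also why instances on closed networks are reachable through the victim's browser. The following is an added, generic illustration of the server-side defence a cookie-authenticated JSON API applies against this class of bug: refuse non-safe requests whose browser-supplied Origin/Referer (and, where present, Sec-Fetch-Site) do not match the application's own origin, and require a JSON content type so that a plain HTML form cannot produce the request. It is example code written for this page, not ClearML's code or its 1.14.1 fix, and the allowed origin and sample request headers are constructed for the example.

```python
"""Origin-based CSRF check for a cookie-authenticated JSON API (added example, not ClearML code)."""
from urllib.parse import urlsplit

# Origin of the legitimate web UI that may call the API with a session cookie (constructed).
ALLOWED_ORIGINS = {"https://app.example.internal"}

# Methods that must never change state and therefore need no CSRF check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _origin_of(headers):
    """Derive the request origin from Origin, falling back to Referer's scheme://host[:port]."""
    if headers.get("origin"):
        return headers["origin"]
    referer = headers.get("referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def is_csrf_safe(method, headers, allowed_origins=ALLOWED_ORIGINS):
    """Return (accepted, reason) for a request authenticated by a session cookie.

    headers: dict of request headers (case-insensitive names are normalised here).
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}

    # Fetch Metadata: modern browsers label cross-site requests; anything but same-origin is rejected.
    site = h.get("sec-fetch-site")
    if site is not None and site != "same-origin":
        return False, f"Sec-Fetch-Site is {site}"

    # Origin / Referer must name the application's own origin; a missing value is rejected, not trusted.
    origin = _origin_of(h)
    if origin is None:
        return False, "no Origin or Referer header"
    if origin not in allowed_origins:
        return False, f"origin {origin} is not allowed"

    # An HTML form can only send urlencoded/multipart/text-plain bodies; a JSON body from another
    # origin would trigger a CORS preflight the browser blocks, so require JSON for API writes.
    if not h.get("content-type", "").lower().startswith("application/json"):
        return False, "state-changing request without a JSON content type"
    return True, "same-origin JSON request"


# Constructed sample requests as a server would see them.
LEGIT_XHR = {
    "Origin": "https://app.example.internal",
    "Sec-Fetch-Site": "same-origin",
    "Content-Type": "application/json",
    "Cookie": "session=<placeholder>",
}
CROSS_SITE_FORM_POST = {
    "Origin": "https://evil.example",
    "Sec-Fetch-Site": "cross-site",
    "Content-Type": "application/x-www-form-urlencoded",
    "Cookie": "session=<placeholder>",
}
OLD_BROWSER_REFERER_ONLY = {  # no Origin/Sec-Fetch-Site, Referer points at a foreign page
    "Referer": "https://evil.example/lure.html",
    "Content-Type": "application/x-www-form-urlencoded",
    "Cookie": "session=<placeholder>",
}


def evaluate_samples():
    """Run the check over the constructed samples and return {name: accepted}."""
    return {
        "legit_xhr": is_csrf_safe("POST", LEGIT_XHR)[0],
        "cross_site_form": is_csrf_safe("POST", CROSS_SITE_FORM_POST)[0],
        "referer_only_cross_site": is_csrf_safe("POST", OLD_BROWSER_REFERER_ONLY)[0],
        "read_only_get": is_csrf_safe("GET", {})[0],
    }


if __name__ == "__main__":
    for name, accepted in evaluate_samples().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Pairing this check with SameSite=Lax or Strict on the session cookie covers browsers that send neither Origin nor Referer; the check is deliberately fail-closed, so a write request with no origin information is rejected rather than assumed benign.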

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers: CVE-2024-24593

Affected Products: ClearML