PT-2024-20477 · Allegro AI · ClearML

Published: 2024-02-05 · Updated: 2024-02-13 · CVE-2024-24595

CVSS v3.1: 6.0 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ClearML (affected versions not specified)

Description

The issue concerns the storage of passwords in plaintext within the MongoDB instance of Allegro AI's open-source version of ClearML. This results in a compromised server potentially leaking all user emails and passwords.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficiently Protected Credentials
Cleartext Storage of Sensitive Information

Related Identifiers

CVE-2024-24595
GHSA-GVQV-H7HH-6FCC

Affected Products

ClearML