PT-2024-32381 · Unknown · Computer Vision Annotation Tool

Speclad · Published 2024-09-30 · Updated 2024-10-30 · CVE-2024-47063

CVSS v4.0: 6.2 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool (CVAT) versions prior to 2.19.0

Description: The Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. A malicious CVAT user with permissions to create or edit a task can trick another logged-in user into visiting a maliciously constructed URL, allowing the attacker to initiate API calls on the victim's behalf and gain temporary access to the victim's data.

Recommendations: Upgrade to CVAT 2.19.0 or a later version to fix this issue. As a temporary workaround, consider restricting access to sensitive data and API endpoints to minimize the risk of exploitation. Avoid using maliciously constructed URLs and be cautious when visiting links from untrusted sources.

Weakness Enumeration

XSS

Related Identifiers

CVE-2024-47063
GHSA-2C85-39CC-2PX9

Affected Products

Computer Vision Annotation Tool