PT-2024-32382 · Unknown · Computer Vision Annotation Tool
Nomadooo · Published 2024-09-30 · Updated 2024-10-30
CVE-2024-47064
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions
Computer Vision Annotation Tool (CVAT) versions prior to 2.19.0
Description
The issue allows an attacker to initiate API calls on behalf of a logged-in user if they can trick the user into visiting a maliciously-constructed URL. This gives the attacker temporary access to all data that the victim user has access to.
Recommendations
Upgrade to CVAT 2.19.0 or a later version to fix this issue.
Exploit
Fix
XSS
Related Identifiers
Affected Products
Computer Vision Annotation Tool