PT-2024-32456 · Cvat · Cvat

Nomadooo · Published 2024-09-30 · Updated 2024-10-30 · CVE-2024-47172

CVSS v3.1

5.4 Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Computer Vision Annotation Tool (CVAT) versions prior to 2.19.1

Description

The issue allows an attacker with a CVAT account to retrieve certain information about any project, task, job, or membership resource on the CVAT instance. This information is the same as the information returned on a GET request to the resource. Additionally, the attacker can alter the default source and target storage associated with any project or task.

Recommendations

Upgrade to CVAT 2.19.1 or any later version to fix the issue.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2024-47172
GHSA-GXHM-HG65-5GH2

Affected Products

Cvat