PT-2025-5837 · Unknown · ClearML Enterprise Server

Edwin Molenaar · Published 2025-02-06 · Updated 2025-09-05 · CVE-2024-43779

CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ClearML Enterprise Server version 3.22.5-1533
Description: An information disclosure issue exists in the Vault API functionality. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this issue.
Recommendations: For ClearML Enterprise Server version 3.22.5-1533, consider disabling the Vault API functionality until a patch is available to prevent potential information disclosure. Restrict access to the Vault API to minimize the risk of exploitation. Avoid using the Vault API for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Information Disclosure

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2024-43779

Affected Products

ClearML Enterprise Server