Product
clear clearml
6 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-24594
CVE-2024-24593
CVE-2024-24592
CVE-2024-24591
CVE-2024-24590
CVE-2024-24595
all versions
A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a
<= 1.14.1
A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s Clear
all versions
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to
>= 1.4.0 and <= 1.14.1
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciou
>= 0.17.0 and <= 1.14.2
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, ena
all versions
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromise