Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue.
References
Configurations
History
30 Oct 2024, 18:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Cvat
Cvat computer Vision Annotation Tool |
|
References | () https://github.com/cvat-ai/cvat/commit/59ce6ca784a0d426b2cfb8cf2850ba1d520c03f5 - Patch | |
References | () https://github.com/cvat-ai/cvat/security/advisories/GHSA-gxhm-hg65-5gh2 - Vendor Advisory | |
CPE | cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*:* |
04 Oct 2024, 13:51
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Sep 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-30 15:15
Updated : 2024-10-30 18:20
NVD link : CVE-2024-47172
Mitre link : CVE-2024-47172
CVE.ORG link : CVE-2024-47172
JSON object : View
Products Affected
cvat
- computer_vision_annotation_tool
CWE
CWE-863
Incorrect Authorization