Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Allegro 跨站请求伪造漏洞
Vulnerability Description
Allegro是Allegro开源的一个主要针对视频游戏和多媒体编程的跨平台库。 Allegro AI ClearML存在跨站请求伪造漏洞。远程攻击者利用该漏洞通过恶意制作的 html 发送 API 请求来冒充用户。
CVSS Information
N/A
Vulnerability Type
N/A