Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries
Vulnerability Description
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an "update:task" event), and the user who performed the action. In addition, the attacker can redeliver any past delivery of any webhook, and trigger a ping event for any webhook. Upgrade to CVAT 2.18.0 or any later version.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Computer Vision Annotation Tool 安全漏洞
Vulnerability Description
Computer Vision Annotation Tool(CVAT)是cvat.ai开源的一种用于计算机视觉的交互式视频和图像注释工具。 Computer Vision Annotation Tool(CVAT) 2.18.0之前版本存在安全漏洞,该漏洞源于拥有CVAT帐户的攻击者可以访问在CVAT实例上注册的任何交付信息。
CVSS Information
N/A
Vulnerability Type
N/A