Vulnerability Information
Vulnerability Title
CVAT vulnerable to privilege escalation of users with staff status
Vulnerability Description
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to the data in the CVAT instance. Version 2.55.0 fixes the issue. As a workaround, review the list of users with staff status and revoke it from any users that are not expected to have superuser privileges.
CVSS Information
N/A
Vulnerability Type
Privilege Defined With Unsafe Actions
Vulnerability Title
CVAT.ai CVAT Security Vulnerability
Vulnerability Description
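CVAT.ai CVAT is an open source data processing tool from CVAT.ai. CVAT.ai CVAT 2.54.0 and earlier versions contain a security vulnerability that stems from users with staff status being able to freely change their own permissions, which may lead to privilege escalation.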
CVSS Information
N/A
Vulnerability Type
N/A