CVE-2024-24590 PoC — Allegro 代码问题漏洞

Source

Associated Vulnerability

Description

Proof of concept for CVE-2024-24590

Readme

```

   _____ _                 __  __ _        _____   ____   _____ 
  / ____| |               |  \/  | |      |  __ \ / __ \ / ____|
 | |    | | ___  __ _ _ __| \  / | |      | |__) | |  | | |     
 | |    | |/ _ \/ _` | '__| |\/| | |      |  ___/| |  | | |     
 | |____| |  __/ (_| | |  | |  | | |____  | |    | |__| | |____ 
  \_____|_|\___|\__,_|_|  |_|  |_|______| |_|     \____/ \_____| - 2024-24590 x OxyDe
                                                                
                                                                

```


# ClearML Pickle Artifact Upload PoC

This project demonstrates how to dynamically upload a pickle artifact to ClearML with configurable parameters via command line arguments. 
The script initializes a ClearML task, dynamically configures a command for reverse shell execution, and uploads it as an artifact. (PoC-CVE-2024-24590)

Referer : https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/


## Prerequisites

- Python 3.6+
- `clearml` package
- `argparse` package
- `pickle` package
- `os` module

## Installation

1. Install ClearML package:
    ```bash
    pip install clearml
    ```

2. Clone the repository:
    ```bash
    git clone https://github.com/OxyDeV2/PoC-CVE-2024-24590.git
    cd PoC-CVE-2024-24590
    ```



## Usage

To run the script, use the following command with the appropriate arguments:

```bash
python script.py --project_name "<project_name>" --task_name "<task_name>" --tags <tag1> <tag2> ... --artifact_name "<artifact_name>" --ip "<ip_address>" --port "<port>"
```

Thanks to Skriix :)

File Snapshot

 [4.0K]  /data/pocs/558608668c3e4e7697491be574f54fa61c546cf6
├── [1.7K]  exploit.py
└── [1.6K]  README.md

0 directories, 2 files

Remarks