QwikSec

Security Database

CVE

CWE

Training

CVE-2024-47064

Published: Sep 30, 2024

Modified: Sep 30, 2024

PUBLISHED

Description

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.

Vendor	Product	Versions
cvat-ai	cvat	affected `>= 2.16.0, < 2.19.0`

Weaknesses (CWE)

References

https://github.com/cvat-ai/cvat/security/advisories/GHSA-hp6c-f34j-qjj7

x_refsource_CONFIRM

https://github.com/cvat-ai/cvat/commit/0bf45fd5de08a652dffbfb517318a64c2fdbc5cf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2024-47064 - Security Vulnerability | QwikSec