Computer Vision Annotation Tool
CVE-2024-45393
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an "update:task" event), and the user who performed the action. In addition, the attacker can redeliver any past delivery of any webhook, and trigger a ping event for any webhook. Upgrade to CVAT 2.18.0 or any later version.
AnalysisAI
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Technical ContextAI
This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an "update:task" event), and the user who performed the action. In addition, the attacker can redeliver any past delivery of any webhook, and trigger a ping event for any webhook. Upgrade to CVAT 2.18.0 or any later version. Affected products include: Cvat Computer Vision Annotation Tool.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.
CVAT is an opensource interactive video and image annotation tool for computer vision. Rated critical severity (CVSS 9.8
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 8.8 HIGH]
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 ha
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 5.4 MEDIUM]
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today