Skip to main content

Computer Vision Annotation Tool CVE-2024-45393

MEDIUM
Missing Authorization (CWE-862)
2024-09-10 security-advisories@github.com
6.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 10, 2024 - 15:15 nvd
MEDIUM 6.4

DescriptionNVD

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an "update:task" event), and the user who performed the action. In addition, the attacker can redeliver any past delivery of any webhook, and trigger a ping event for any webhook. Upgrade to CVAT 2.18.0 or any later version.

AnalysisAI

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an "update:task" event), and the user who performed the action. In addition, the attacker can redeliver any past delivery of any webhook, and trigger a ping event for any webhook. Upgrade to CVAT 2.18.0 or any later version. Affected products include: Cvat Computer Vision Annotation Tool.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

CVE-2022-31188 CRITICAL POC
9.8 Aug 01

CVAT is an opensource interactive video and image annotation tool for computer vision. Rated critical severity (CVSS 9.8

CVE-2026-23526 HIGH
8.8 Jan 21

CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 8.8 HIGH]

CVE-2024-37164 HIGH
8.5 Jun 13

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high

CVE-2024-37306 HIGH
7.1 Jun 13

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high

CVE-2025-49135 MEDIUM
6.5 Jun 25

CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 ha

CVE-2024-47064 MEDIUM
6.3 Sep 30

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi

CVE-2024-47063 MEDIUM
6.2 Sep 30

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi

CVE-2026-23516 MEDIUM
5.4 Jan 21

CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 5.4 MEDIUM]

CVE-2024-47172 MEDIUM
5.4 Sep 30

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi

CVE-2025-48381 MEDIUM
5.3 May 30

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi

CVE-2025-23045 HIGH
8.7 Jan 28

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high

Share

CVE-2024-45393 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy