Computer Vision Annotation Tool
CVE-2024-47172
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue.
AnalysisAI
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue. Affected products include: Cvat Computer Vision Annotation Tool.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
CVAT is an opensource interactive video and image annotation tool for computer vision. Rated critical severity (CVSS 9.8
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 8.8 HIGH]
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high
CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 ha
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
CVAT is an open source interactive video and image annotation tool for computer vision. [CVSS 5.4 MEDIUM]
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medi
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today