Vulnerabilities in Allegro.AI
6 results

CVE-2024-24590 (HIGH, EPSS 2.5%): Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a mali

CVE-2024-24592 (CRITICAL, EPSS 1.0%): Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily

CVE-2024-24591 (HIGH, EPSS 0.8%): A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded

CVE-2024-24594 (CRITICAL, EPSS 0.6%): A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote atta

CVE-2024-24593 (CRITICAL, EPSS 0.4%): A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform

CVE-2024-24595 (MEDIUM, EPSS 0.3%): Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server lea