GHSA-gvqv-h7hh-6fcc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gvqv-h7hh-6fcc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-gvqv-h7hh-6fcc/GHSA-gvqv-h7hh-6fcc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gvqv-h7hh-6fcc
- Aliases
-
- CVE-2024-24595
- Published
- 2024-02-06T00:30:28Z
- Modified
- 2024-02-16T08:01:39.319933Z
- Severity
-
- 6.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
- Details
-
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
- Database specific
{ "nvd_published_at": "2024-02-05T22:16:08Z", "github_reviewed_at": "2024-02-09T21:36:44Z", "github_reviewed": true, "severity": "MODERATE", "cwe_ids": [ "CWE-312", "CWE-522" ] }- References
Affected packages
PyPI / clearml
Package
- Name
- clearml
- View open source insights on deps.dev
- Purl
- pkg:pypi/clearml
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected1.14.2
Affected versions
0.*
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5rc0
0.17.5rc1
0.17.5rc2
0.17.5rc3
0.17.5rc4
0.17.5rc5
0.17.5rc6
0.17.5
0.17.6rc1
1.*
1.0.0
1.0.1
1.0.2rc0
1.0.2
1.0.3rc0
1.0.3rc1
1.0.3
1.0.4rc0
1.0.4rc1
1.0.4
1.0.5
1.0.6rc1
1.0.6rc2
1.1.0
1.1.1
1.1.2rc0
1.1.2
1.1.3rc0
1.1.3
1.1.4rc0
1.1.4
1.1.5rc0
1.1.5rc1
1.1.5rc2
1.1.5rc3
1.1.5rc4
1.1.5rc5
1.1.5rc6
1.1.5rc7
1.1.5
1.1.6rc0
1.1.6
1.2.0rc0
1.2.0rc1
1.2.0rc2
1.2.0
1.2.1rc0
1.2.1
1.3.0rc0
1.3.0rc1
1.3.0rc2
1.3.0
1.3.1rc0
1.3.1
1.3.2rc0
1.3.2rc1
1.3.2rc2
1.3.2rc3
1.3.2rc4
1.3.2
1.3.3rc0
1.3.3rc1
1.3.3rc2
1.4.0
1.4.1rc0
1.4.1
1.4.2rc0
1.4.2rc1
1.5.0
1.6.0
1.6.1
1.6.2rc0
1.6.2
1.6.3rc0
1.6.3rc1
1.6.3
1.6.4
1.6.5rc0
1.6.5rc1
1.6.5rc2
1.7.0rc0
1.7.0rc1
1.7.0
1.7.1rc0
1.7.1rc1
1.7.1rc2
1.7.1
1.7.2rc0
1.7.2rc1
1.7.2rc2
1.7.2
1.7.3rc0
1.7.3rc1
1.8.0
1.8.1rc0
1.8.1
1.8.2
1.8.3
1.8.4rc0
1.8.4rc1
1.8.4rc2
1.9.0
1.9.1rc0
1.9.1
1.9.2rc0
1.9.2rc1
1.9.2rc2
1.9.2
1.9.3
1.10.0rc0
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4rc0
1.10.4rc1
1.10.4
1.11.0rc0
1.11.0
1.11.1rc0
1.11.1rc1
1.11.1rc2
1.11.1
1.11.2rc0
1.12.0
1.12.1rc0
1.12.1
1.12.2rc0
1.12.2
1.13.0
1.13.1
1.13.2rc0
1.13.2rc1
1.13.2rc2
1.13.2rc3
1.13.2
1.13.3rc0
1.13.3rc1
1.14.0rc0
1.14.0
1.14.1rc0
1.14.1
1.14.2rc0
1.14.2