CVSS 3.1 Score 9.6 of 10 (high)


Published Feb 6, 2024
Updated: Feb 15, 2024
CWE ID 352


CVE-2024-24593 is a cross-site request forgery (CSRF) vulnerability found in all versions up to 1.14.1 of the api server component of Allegro AI's ClearML platform. It allows a remote attacker to impersonate a user by sending API requests through maliciously crafted HTML. Exploiting this vulnerability can result in compromising confidential workspaces and files, leaking sensitive information, and targeting instances of the ClearML platform within closed off networks. The affected products include umfRWc, umfRWd, and umfRWb. To remediate the vulnerability, users are advised to update their ClearML platform to version 1.14.2 or later where the issue has been fixed. This vulnerability poses a high danger to organizations as it can lead to unauthorized access and potential data breaches.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-24593 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options