CVE-2024-43779

Summary

An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
ClearMLClearMLEnterprise Server 3.22.5-1533affected

Weaknesses

  • CWE-200: CWE-200: Information Exposure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References