GHSA-gvqv-h7hh-6fcc, CVE-2024-24595
pypi/clearml
Insufficiently Protected Credentials
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
All versions up to 1.14.2
Unfortunately, there is no solution available yet.
2024-02-12
source |