CVE-2024-24595

Insufficiently Protected Credentials in pypi/clearml

Identifiers

GHSA-gvqv-h7hh-6fcc, CVE-2024-24595

Package Slug

pypi/clearml

Vulnerability

Insufficiently Protected Credentials

Description

Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.

Affected Versions

All versions up to 1.14.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-02-12

source