CVE-2024-47063 — MEDIUM (6.1)

Q: How severe is CVE-2024-47063?

CVE-2024-47063 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-47063?

Check the references section above for vendor advisories and patch information. Affected products include: Cvat Computer Vision Annotation Tool.

Vulnerability Description

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Cvat	Computer Vision Annotation Tool	>= 2.4.7, < 2.19.0

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2024-47063?

CVE-2024-47063 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing tas...

How severe is CVE-2024-47063?

CVE-2024-47063 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47063?

Check the references section above for vendor advisories and patch information. Affected products include: Cvat Computer Vision Annotation Tool.