CVE-2023-6778 Information

Description

Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. This vulnerability affects the ClearML Open Source Server which is not designed to be used as a publicly available service. Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation (I.e when a malicious party already has access to the internal network and to a user’s ClearML login credentials).

Reference

https://huntr.com/bounties/5f3fffac-0358-48e6-a500-81bac13e0e2b https://github.com/allegroai/clearml-server/commit/4684fd5b74af582c894b67a0a06e865c948b763a