CVE-2024-24592
📋 TL;DR
This vulnerability allows remote attackers to perform unauthenticated file operations on ClearML's fileserver component. Attackers can read, create, modify, and delete files without any authentication. All organizations using Allegro AI's ClearML platform are affected.
💻 Affected Systems
- Allegro AI ClearML
📦 What is this software?
Clearml by Clear
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the ClearML instance with potential data exfiltration, ransomware deployment, or supply chain attacks by modifying ML models and datasets.
Likely Case
Unauthorized access to sensitive ML training data, model theft, or manipulation of ML pipelines leading to corrupted outputs.
If Mitigated
Limited impact if fileserver is isolated behind strong network controls and contains only non-sensitive data.
🎯 Exploit Status
No authentication required makes exploitation trivial. Attackers can use standard HTTP requests to interact with the fileserver.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Check Allegro AI's security advisories for updates and apply any future patches immediately.
🔧 Temporary Workarounds
Network Segmentation
linuxIsolate the ClearML fileserver behind a firewall and restrict access to trusted IPs only.
# Example iptables rule: iptables -A INPUT -p tcp --dport [fileserver_port] -s [trusted_ip] -j ACCEPT
# iptables -A INPUT -p tcp --dport [fileserver_port] -j DROP
Authentication Proxy
allPlace an authentication proxy (like nginx with basic auth) in front of the fileserver.
# nginx config snippet:
location /fileserver {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://localhost:[fileserver_port];
}
🧯 If You Can't Patch
- Disable or block network access to the fileserver component entirely.
- Monitor all file operations on the fileserver for suspicious activity and implement strict access logging.
🔍 How to Verify
Check if Vulnerable:
Attempt to access the fileserver endpoint without authentication using curl: curl -X GET http://[clearml_host]:[fileserver_port]/files - if it returns file listings without authentication, it's vulnerable.Check Version:
Check ClearML version via: clearml --version or review deployment configuration files.Verify Fix Applied:
Repeat the vulnerable check after implementing workarounds - authentication should now be required.📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access attempts to fileserver endpoints
- Unexpected file creation/modification/deletion patterns
- Access from unauthorized IP addresses
Network Indicators:
- HTTP requests to fileserver endpoints without authentication headers
- Unusual file transfer volumes from ClearML servers
SIEM Query:
source="clearml_logs" AND (uri_path="/files*" AND NOT auth_token=*) OR (event_type="file_operation" AND user="anonymous")