CVE-2024-39272

9.0 CRITICAL

📋 TL;DR

A cross-site scripting vulnerability in ClearML Enterprise Server's dataset upload functionality allows attackers to inject malicious HTML/JavaScript via specially crafted HTTP requests. This affects ClearML Enterprise Server 3.22.5-1533 installations, potentially compromising user sessions and data.

💻 Affected Systems

Products:
  • ClearML Enterprise Server
Versions: 3.22.5-1533
Operating Systems: All platforms running ClearML Enterprise Server
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the dataset upload functionality; other components may be unaffected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, hijack user sessions, deface the application, or redirect users to malicious sites, potentially leading to full system compromise.

🟠

Likely Case

Session hijacking, credential theft, or data exfiltration from authenticated users accessing the vulnerable dataset upload interface.

🟢

If Mitigated

Limited impact if proper input validation and output encoding are implemented, though some functionality disruption may occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires sending crafted HTTP requests to the vulnerable endpoint; no authentication bypass needed if user has upload permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check ClearML security advisory for patched version

Vendor Advisory: https://clear.ml/security-advisories

Restart Required: Yes

Instructions:

1. Check the ClearML security advisory for the latest patched version.
2. Back up configuration and data.
3. Upgrade to the patched version.
4. Restart ClearML services.
5. Verify that the fix is in place.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Implement server-side input validation to sanitize dataset upload parameters.

# Configure web application firewall rules to block suspicious upload patterns
# Implement input sanitization in the dataset upload handler

Access Restriction

Platform: all

Restrict dataset upload functionality to trusted users only.

# Configure role-based access controls
# Implement IP allowlisting for upload endpoints

🧯 If You Can't Patch

  • Implement web application firewall with XSS protection rules
  • Disable dataset upload functionality if not required

🔍 How to Verify

Check if Vulnerable:

Test dataset upload functionality with XSS payloads; check if payloads execute in browser

Check Version:

clearml-server --version or check ClearML web interface version info

Verify Fix Applied:

Attempt to upload dataset with XSS payloads; verify payloads are properly sanitized and don't execute

📡 Detection & Monitoring

Log Indicators:

  • Unusual dataset upload patterns
  • HTTP requests with script tags or JavaScript in parameters
  • Multiple failed upload attempts with suspicious content

Network Indicators:

  • HTTP POST requests to dataset upload endpoints containing script tags or encoded JavaScript
  • Unusual traffic patterns to upload functionality

SIEM Query:

source="clearml-logs" AND (http_method="POST" AND uri_path="/datasets/upload" AND (param_value CONTAINS "<script>" OR param_value CONTAINS "javascript:"))
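The SIEM query above expressed as a stand-alone log scanner, as an added example that is not part of this advisory or of ClearML's own tooling. The log line format (`client_ip method path?query status`) and the sample lines are constructed assumptions; the endpoint path `/datasets/upload` is taken from the query above. Unlike the query, the scanner URL-decodes each parameter before matching, so percent-encoded variants of the same indicators are also flagged.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (hypothetical format, not real ClearML logs):
# "<client_ip> <method> <path?query> <status>"
SAMPLE_LOGS = [
    "10.0.0.5 POST /datasets/upload?name=weather_2024&tags=prod 200",
    "10.0.0.7 POST /datasets/upload?name=%3Cscript%3Ealert(1)%3C/script%3E 200",
    "10.0.0.9 POST /datasets/upload?description=javascript:void(0) 400",
    "10.0.0.3 GET /datasets/list?page=2 200",
    "10.0.0.8 POST /datasets/upload?name=plain 200",
]

UPLOAD_PATH = "/datasets/upload"           # endpoint named in the SIEM query above
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
# Same indicators as the SIEM query (script tag, javascript: URI), case-insensitive
# and tolerant of whitespace padding.
SUSPICIOUS = re.compile(r"<\s*script\b|javascript\s*:", re.IGNORECASE)


def flag_upload_request(line):
    """Return a dict describing the suspicious parameter, or None if benign."""
    m = LOG_RE.match(line)
    if not m:
        return None                         # unparseable line: not a hit
    ip, method, target, status = m.groups()
    parts = urlsplit(target)
    if method != "POST" or parts.path != UPLOAD_PATH:
        return None                         # only POSTs to the upload endpoint matter
    # parse_qsl decodes one layer of percent-encoding; decode once more so a
    # double-encoded payload is still matched.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote_plus(value)
        if SUSPICIOUS.search(decoded):
            return {"ip": ip, "param": key, "value": decoded, "status": status}
    return None


def scan(lines):
    """Run the check over every line and return the list of hits."""
    return [hit for hit in (flag_upload_request(l) for l in lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```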
