Talos Vulnerability Report

TALOS-2024-2110

ClearML dataset upload XSS vulnerability

February 6, 2025

CVE Number

CVE-2024-39272

SUMMARY

A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability.

CONFIRMED VULNERABLE VERSIONS

The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.

ClearML Enterprise Server 3.22.5-1533

PRODUCT URLS

ClearML - https://clear.ml/

CVSSv3 SCORE

9.0 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

DETAILS

ClearML is an open-source AI platform that supports the entire AI development lifecycle from research to production. It integrates with existing tools and infrastructures, allowing developers and DevOps teams to build, train, and deploy models at scale.

An XSS vulnerability has been discovered in the ClearML dataset upload functionality.
This issue allows attackers to upload malicious HTML files into a dataset, through an existing ClearML account. These files can later be rendered within the browser of an authenticated ClearML user who is the victim, executing any Javascript present within the malicious HTML.

This vulnerability poses a significant security risk, potentially compromising user data and the integrity of the application. In the worst case, an attacker can use this vulnerability to exfiltrate parts of a logged-in user’s local storage, which can keep secrets about storage providers such as AWS S3.

Mitigation

Modify Content-Disposition Header:
Adjust the server configuration or application logic to set the Content-Disposition header to attachment for HTML files, prompting users to download the file instead of rendering it.

Content Security Policy (CSP):
Implement a strict Content Security Policy to limit the sources from which scripts can be executed.

(Optional) Sanitize HTML Content:
Implement a HTML sanitization mechanism to strip out any potentially harmful scripts or elements from uploaded files, although this might interfere with the training data.

TIMELINE

2024-11-25 - Initial Vendor Contact
2024-11-25 - Vendor Disclosure
2024-12-20 - Vendor Patch Release
2025-02-06 - Public Release

Credit

Edwin Molenaar of Cisco Meraki Offensive Security Team

TALOS-2024-2112

TALOS-2024-2091

Intelligence Center

Vulnerability Research

Incident Response

Security Resources

Media

Company