CVE-2024-43779
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
ClearML Enterprise Server 3.22.5-1533
ClearML - https://clear.ml/
7.7 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE-200 - Information Exposure
ClearML is an open-source AI platform that supports the entire AI development lifecycle from research to production. It integrates with existing tools and infrastructures, allowing developers and DevOps teams to build, train, and deploy models at scale.
A security vulnerability has been identified in the ClearML API that allows authenticated ClearML users to retrieve disabled vault items, which could leak credentials or other sensitive information. This issue happens when a logged-in user sends a GET request to the following API endpoint: https://app.clearml.[somedomain.com]/api/v2.30/users.get_vaults.
The distribution of configuration items and secrets is a standard feature of ClearML, facilitated through the so-called vaults, as described in the official documentation (Administrator Vaults | ClearML). These vault items can be individually enabled or disabled. Within the ClearML Web App, under Profile > Workplace Settings, users can view their personal vault along with an additional vault used to distribute settings to their account. This is indicated by the following message, which users can click to view the contents: “Additional vaults applied by admin: XYZ.” These vault items are visible through both the API and the Web App, and this is part of the expected behavior.
The issue (most likely) lies in the fact that disabled vault items remain visible through the API, although they are hidden in the web app itself. As a result, disabled administrator vaults are still accessible. Due to this vulnerability, users can view the contents of these vault items, while the admin might expect the users not to have access to these vault items anymore.
As an Administrator:
1. As an Administrator, create an Administrator Vault item with some data, assign it to the ‘users’ group, and then disable the vault by toggling the button under ‘active’.
As a regular user:
2. Log in to ClearML web server.
3. Navigate to the Profile > Settings > Workspace page section, and observe the visible vault items (https://app.clearml.[somedomain.com]/settings/workspace-configuration).
4. Open the following API endpoint https://app.clearml.[somedomain.com]/api/v2.30/users.get_vaults.
5. The API response includes both disabled and enabled vault items.
Fix the Vulnerable API: Modify the API to exclude disabled global vault items from the response.
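The fix above amounts to applying the vault's 'active' flag server-side rather than only in the web app. The following is an added illustration, not ClearML's code: a hypothetical model of vault resolution with the pre-fix behaviour beside the corrected one, plus a regression check that flags any disabled vault appearing in a response. Field names (`owner`, `groups`, `active`) and the sample records are constructed assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Hypothetical model of a vault record (constructed; not ClearML's real schema).
@dataclass(frozen=True)
class Vault:
    vault_id: str
    owner: Optional[str]        # user id for a personal vault, None for an admin vault
    groups: FrozenSet[str]      # groups an admin vault is assigned to
    active: bool                # the 'active' toggle from the web app
    data: str                   # the distributed configuration / secret payload

@dataclass(frozen=True)
class User:
    user_id: str
    groups: FrozenSet[str]

def _applies_to(v: Vault, u: User) -> bool:
    """Personal vault of this user, or an admin vault assigned to one of the user's groups."""
    if v.owner is not None:
        return v.owner == u.user_id
    return bool(v.groups & u.groups)

def get_vaults_vulnerable(vaults: List[Vault], u: User) -> List[Vault]:
    """Pre-fix behaviour described in the advisory: 'active' is never consulted,
    so a disabled admin vault is still returned to a regular user."""
    return [v for v in vaults if _applies_to(v, u)]

def get_vaults_fixed(vaults: List[Vault], u: User) -> List[Vault]:
    """Fix: filter on 'active' before responding, independent of what the web app hides."""
    return [v for v in vaults if v.active and _applies_to(v, u)]

def disabled_in_response(response: List[Vault]) -> List[str]:
    """Regression check for either handler: ids of disabled vaults present in a response.
    Non-empty means disabled secrets are being disclosed."""
    return sorted(v.vault_id for v in response if not v.active)

# Constructed sample data mirroring the reproduction steps: an admin vault assigned
# to the 'users' group and then toggled off, seen by a regular user in that group.
VAULTS = [
    Vault("v-personal", "alice", frozenset(), True, "personal settings"),
    Vault("v-admin-on", None, frozenset({"users"}), True, "shared settings"),
    Vault("v-admin-off", None, frozenset({"users"}), False, "retired credentials"),
    Vault("v-other-group", None, frozenset({"admins"}), True, "admin-only settings"),
]
ALICE = User("alice", frozenset({"users"}))

if __name__ == "__main__":
    print("vulnerable:", disabled_in_response(get_vaults_vulnerable(VAULTS, ALICE)))
    print("fixed:", disabled_in_response(get_vaults_fixed(VAULTS, ALICE)))
```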
2024-11-25 - Initial Vendor Contact
2024-11-25 - Vendor Disclosure
2024-12-20 - Vendor Patch Release
2025-02-06 - Public Release
Edwin Molenaar of Cisco Meraki Offensive Security Team