An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter.
History

Tue, 24 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Doccano
Doccano auto Labeling Pipeline
Doccano doccano
Weaknesses CWE-918
CPEs cpe:2.3:a:doccano:auto_labeling_pipeline:*:*:*:*:*:*:*:*
cpe:2.3:a:doccano:doccano:*:*:*:*:*:*:*:*
Vendors & Products Doccano
Doccano auto Labeling Pipeline
Doccano doccano
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Sep 2024 16:45:00 +0000

Type Values Removed Values Added
Description An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-09-23T00:00:00

Updated: 2024-09-24T16:02:12.013Z

Reserved: 2024-07-05T00:00:00

Link: CVE-2024-40441

cve-icon Vulnrichment

Updated: 2024-09-24T16:01:19.904Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-23T17:15:13.580

Modified: 2024-09-26T13:32:55.343

Link: CVE-2024-40441

cve-icon Redhat

No data.