Cyber Posture

CVE-2024-43779

Severity: High · Public PoC

Published: 06 February 2025
Modified: 05 September 2025
KEV Added:
Patch:
CVSS Score: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0034 (56.5th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server version 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that were previously disabled, exposing the credentials stored in them.

Security Summary

CVE-2024-43779 is an information disclosure vulnerability in the Vault API functionality of ClearML Enterprise Server version 3.22.5-1533. It allows a specially crafted HTTP request to read vaults that have been previously disabled, potentially leaking sensitive credentials stored within them. The issue is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-522 (Insufficiently Protected Credentials), with a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
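The advisory does not publish ClearML's code or the exact request, so the following is an added illustration of the bug class it describes rather than the project's own code: a secrets API whose read path checks tenant ownership but ignores a vault's disabled state, beside a hardened version that enforces the state check in the single lookup every read path uses. The names (`Vault`, `STORE`, `read_vault`), the in-memory store and the sample vaults are hypothetical and constructed for this example.

```python
# Added illustration, not ClearML code: a vault read path that forgets the
# "disabled" state, beside one that enforces it at the data-access layer.
# All names, fields and sample data below are hypothetical.
from dataclasses import dataclass, field


class VaultAccessError(Exception):
    pass


@dataclass
class Vault:
    vault_id: str
    company: str
    enabled: bool
    secrets: dict = field(default_factory=dict)


# Constructed sample data: one live vault and one an admin disabled but
# whose contents were retained (the situation the advisory describes).
STORE = {
    "v-live": Vault("v-live", "acme", True, {"S3_KEY": "AKIA...live"}),
    "v-old": Vault("v-old", "acme", False, {"S3_KEY": "AKIA...old"}),
}


def read_vault_vulnerable(user_company: str, vault_id: str) -> dict:
    """Checks tenant ownership only. Because `enabled` is never consulted,
    any low-privileged user of the tenant can still read a disabled vault."""
    vault = STORE.get(vault_id)
    if vault is None or vault.company != user_company:
        raise VaultAccessError("not found")
    return vault.secrets


def find_active_vault(user_company: str, vault_id: str) -> Vault:
    """The one lookup every read path must go through: tenant check and
    state check live together, so no endpoint can apply one without the
    other. Missing, foreign and disabled vaults all yield the same error so
    the response does not confirm that a disabled vault still exists."""
    vault = STORE.get(vault_id)
    if vault is None or vault.company != user_company or not vault.enabled:
        raise VaultAccessError("not found")
    return vault


def read_vault(user_company: str, vault_id: str) -> dict:
    """Hardened read path."""
    return find_active_vault(user_company, vault_id).secrets


def vault_is_readable(reader, user_company: str, vault_id: str) -> bool:
    """Small helper to compare the two read paths on the same input."""
    try:
        reader(user_company, vault_id)
        return True
    except VaultAccessError:
        return False


if __name__ == "__main__":
    for vid in ("v-live", "v-old"):
        print(vid, "vulnerable:", vault_is_readable(read_vault_vulnerable, "acme", vid),
              "hardened:", vault_is_readable(read_vault, "acme", vid))
```

The design point is that a "disabled" flag is a soft-delete, and soft-deletes are only as good as the weakest read path that is supposed to honour them; centralising the filter in one lookup is what makes the fix hold across every endpoint. Where a disabled vault never needs to be re-enabled, clearing its contents at disable time removes the secret entirely instead of leaving it one missed check away from disclosure.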

An attacker with low privileges (PR:L), that is any authenticated account on the server, can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). By sending HTTP requests to the Vault API, the attacker can read the contents of disabled vaults, a high confidentiality impact (C:H). Scope is changed (S:C) because the disclosed credentials grant access to resources beyond the vulnerable ClearML component itself; integrity and availability are unaffected (I:N, A:N).

Mitigation details are available in the Talos Intelligence advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2024-2112. The vulnerability was published on 2025-02-06.

ClearML Enterprise Server is part of an AI/ML operations platform for managing machine learning experiments and pipelines, so leaked vault credentials are particularly sensitive: they typically grant access to the models, datasets, storage and compute that AI workflows depend on. No in-the-wild exploitation is recorded on this page, although a public proof of concept is flagged above.

Details

CWE(s)
CWE-200, CWE-522

Affected Products

Vendor: clear
Product: clearml enterprise server
Version: 3.22.5-1533

AI Security Analysis

AI Category
Other Platforms
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
MITRE ATLAS Techniques
None mapped
Classification Reason
ClearML is an open-source AI platform supporting the entire AI/ML development lifecycle from research to production, including model building, training, and deployment, making it an AI platform fitting 'Other Platforms'. The vulnerability is in its Vault API for managing secrets and configurations used in AI workflows.

MITRE ATT&CK Enterprise Techniques

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1552 Unsecured Credentials (tactic: Credential Access)
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
T1602 Data from Configuration Repository (tactic: Collection)
Adversaries may collect data related to managed devices from configuration repositories.
Why these techniques?

The vulnerability allows authenticated low-privilege users to read disabled vaults through the API, disclosing stored credentials and configuration data. That maps to exploiting a software flaw to obtain credentials (T1212), harvesting credentials that were not adequately protected (T1552), and collecting data from a configuration repository (T1602).

References