LordVileOnX / ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-

Here is a Python exploit for CVE-2024-24590: a pickle uploaded to ClearML that leads to arbitrary code execution... Enjoy :D

Repository from GitHub: https://github.com/LordVileOnX/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-

How it works-

Need access to the team workspace

Replace IP and PORT with your listener IP and port

Change the project name to an existing project name.

IMPORTANT... YOU MIGHT NEED TO UPLOAD IT A COUPLE OF TIMES (RUN THE EXPLOIT A COUPLE OF TIMES)...

@lrvile on x

credits to @_KScorpio :D

thank me later :D

example of use

  1. Click on start new project in ClearML
  2. Install clearml in a terminal with pip
  3. Get the creds from ClearML web (generate creds by clicking new project)
  4. Run clearml-init in your terminal and paste in the creds
  5. nc -lnvp 4444
  6. python exploit.py

reference: https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/
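
Because the issue is a pickle being deserialized, one defensive pattern on the consuming side is an unpickler that only resolves allowlisted globals. This is an added example, not code from this repository or from ClearML; `AllowlistUnpickler`, `verdict`, the allowlist contents and the sample artifacts are assumptions made for illustration.

```python
import collections
import datetime
import io
import pickle

# Assumption for this example: the only non-builtin type an artifact may contain.
ALLOWED_GLOBALS = frozenset({("datetime", "date")})


class AllowlistUnpickler(pickle.Unpickler):
    """Resolve only allowlisted globals and record every import the pickle requests."""

    def __init__(self, file, allowed):
        super().__init__(file)
        self.allowed = allowed
        self.requested = []

    def find_class(self, module, name):
        # Every class or callable a pickle references is resolved here before
        # it can be called, so raising here stops the load with nothing executed.
        self.requested.append((module, name))
        if (module, name) not in self.allowed:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def verdict(data, allowed=ALLOWED_GLOBALS):
    """Return ("loaded", requested_globals) or ("rejected", reason) for pickle bytes."""
    unpickler = AllowlistUnpickler(io.BytesIO(data), allowed)
    try:
        unpickler.load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)
    return "loaded", unpickler.requested


# Constructed sample artifacts (all benign): plain data, an allowlisted type,
# and a type that is harmless but not on the allowlist.
PLAIN = pickle.dumps({"accuracy": 0.93, "epochs": 10})
DATED = pickle.dumps({"trained_on": datetime.date(2024, 2, 6)})
ORDERED = pickle.dumps(collections.OrderedDict(lr=0.01))

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("dated", DATED), ("ordered", ORDERED)):
        print(label, verdict(blob))
```

The allowlist narrows what a pickle can import; not unpickling artifacts from untrusted workspace members at all remains the stronger control.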
