ClearML Enterprise Server Vault API Information Disclosure Vulnerability

A vulnerability allowing information disclosure exists in the Vault API of ClearML Enterprise Server versions 3.22.5-1533. This issue arises because the API can be manipulated to retrieve vaults that have been disabled, potentially exposing sensitive credentials. The vulnerability can be exploited by sending a series of crafted HTTP requests to the API endpoint that manages vaults.

Impact

Exploitation of this vulnerability could lead to unauthorized access to disabled vault items, allowing users to retrieve sensitive information or credentials that should have been inaccessible.

Reproduction

To reproduce this vulnerability, an authenticated user can send a GET request to the 'users.get_vaults' API endpoint. This request will return both enabled and disabled vault items, including those that have been disabled by administrators.

Remediation

Users are advised to update to the latest version of ClearML Enterprise Server, where this vulnerability has been addressed.