An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.
References
Link | Resource |
---|---|
https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2 | Patch |
https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
History
11 Oct 2024, 15:34
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:* | |
References | () https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2 - Patch | |
References | () https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
CWE | NVD-CWE-Other | |
First Time |
Zenml zenml
Zenml |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 19:15
Updated : 2024-10-11 15:34
NVD link : CVE-2024-2213
Mitre link : CVE-2024-2213
CVE.ORG link : CVE-2024-2213
JSON object : View
Products Affected
zenml
- zenml
CWE