CVE-2024-2383

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*

History

11 Oct 2024, 15:11

Type Values Removed Values Added
References () https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9 - () https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9 - Patch
References () https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963 - () https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963 - Exploit, Issue Tracking, Patch, Third Party Advisory
First Time Zenml zenml
Zenml
CPE cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 6.1

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de clickjacking en las versiones de zenml-io/zenml hasta la 0.55.5 incluida debido a que la aplicación no configura los encabezados HTTP X-Frame-Options o Content-Security-Policy adecuados. Esta vulnerabilidad permite a un atacante incrustar la interfaz de usuario de la aplicación dentro de un iframe en una página maliciosa, lo que podría provocar acciones no autorizadas al engañar a los usuarios para que interactúen con la interfaz bajo el control del atacante. El problema se solucionó en la versión 0.56.3.

06 Jun 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-06 19:15

Updated : 2024-10-11 15:11


NVD link : CVE-2024-2383

Mitre link : CVE-2024-2383

CVE.ORG link : CVE-2024-2383


JSON object : View

Products Affected

zenml

  • zenml
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames