Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qNTI3LXY1NzktbTk4aM4AA8xd
Improper authentication in zenml
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.
Permalink: https://github.com/advisories/GHSA-j527-v579-m98h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNTI3LXY1NzktbTk4aM4AA8xd
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 6 months ago
Updated: about 1 month ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-j527-v579-m98h, CVE-2024-2213
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-2213
- https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2
- https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48
- https://github.com/advisories/GHSA-j527-v579-m98h
Blast Radius: 5.4
Affected Packages
pypi:zenml
Dependent packages: 2
Dependent repositories: 44
Downloads: 33,602 last month
Affected Version Ranges: < 0.56.3
Fixed in: 0.56.3
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.2.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.13.2, 0.20.0, 0.20.1, 0.20.2, 0.20.3, 0.20.4, 0.20.5, 0.21.0, 0.21.1, 0.22.0, 0.23.0, 0.30.0, 0.31.0, 0.31.1, 0.32.0, 0.32.1, 0.33.0, 0.34.0, 0.35.0, 0.35.1, 0.36.0, 0.36.1, 0.37.0, 0.38.0, 0.39.0, 0.39.1, 0.40.0, 0.40.1, 0.40.2, 0.40.3, 0.41.0, 0.42.0, 0.42.1, 0.42.2, 0.43.0, 0.43.1, 0.44.0, 0.44.1, 0.44.2, 0.44.3, 0.44.4, 0.45.0, 0.45.1, 0.45.2, 0.45.3, 0.45.4, 0.45.5, 0.45.6, 0.46.0, 0.46.1, 0.47.0, 0.50.0, 0.51.0, 0.52.0, 0.53.0, 0.53.1, 0.54.0, 0.54.1, 0.55.0, 0.55.1, 0.55.2, 0.55.3, 0.55.4, 0.55.5, 0.56.0, 0.56.1, 0.56.2
All unaffected versions: 0.56.3, 0.56.4, 0.57.0, 0.57.1, 0.58.0, 0.58.1, 0.58.2, 0.60.0, 0.61.0, 0.62.0, 0.63.0, 0.64.0, 0.65.0, 0.66.0, 0.67.0, 0.68.0, 0.68.1, 0.70.0