Vulnerability Description
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zenml | Zenml | < 0.56.3 |
Related Weaknesses (CWE)
References
- https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337cPatch
- https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48ExploitIssue TrackingPatch
- https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337cPatch
- https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48ExploitIssue TrackingPatch
FAQ
What is CVE-2024-2213?
CVE-2024-2213 is a vulnerability with a CVSS score of 3.3 (LOW). An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account passw...
How severe is CVE-2024-2213?
CVE-2024-2213 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-2213?
Check the references section above for vendor advisories and patch information. Affected products include: Zenml Zenml.