Vulnerability Description
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
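As an added illustration of the missing-header condition described above (example code written for this page, not ZenML's own code or the content of its fix commit), the function below classifies a response's headers by the anti-framing protection they provide; the two header sets at the bottom are constructed, not captured from a real deployment.

```python
"""Classify HTTP response headers by the anti-framing protection they give.

Added example, not code from the ZenML project or its fix commit. It models the
defect behind CVE-2024-2383: a UI served with neither an X-Frame-Options header
nor a Content-Security-Policy frame-ancestors directive can be embedded in a
third-party iframe. Header names are matched case-insensitively.
"""
from typing import Mapping

PROTECTED, WEAK, MISSING = "protected", "weak", "missing"


def framing_protection(headers: Mapping[str, str]) -> str:
    """Return PROTECTED, WEAK or MISSING for one response's headers.

    A CSP frame-ancestors directive wins over X-Frame-Options, because browsers
    that understand frame-ancestors ignore X-Frame-Options when both are present.
    """
    lowered = {name.lower(): value for name, value in headers.items()}

    csp = lowered.get("content-security-policy", "")
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = {t.lower().strip("'") for t in tokens[1:]}
            # '*' or a bare scheme such as https: lets any origin frame the page.
            if "*" in sources or any(s.endswith(":") for s in sources):
                return WEAK
            # 'none', 'self' or an explicit origin allow-list all restrict framing.
            return PROTECTED

    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return PROTECTED
    if xfo.startswith("ALLOW-FROM"):
        return WEAK  # obsolete form; current browsers ignore it
    return MISSING


# Constructed header sets, not captured from a real ZenML deployment.
VULNERABLE_HEADERS = {"Content-Type": "text/html; charset=utf-8"}
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}

if __name__ == "__main__":
    for label, hdrs in (("vulnerable", VULNERABLE_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"{label}: {framing_protection(hdrs)}")
```

Running the check against a live response (for example the headers returned by a `requests.get` of the UI's index page) is the quickest way to confirm a deployment is on a version that sends one of these headers.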
CVSS Score
MEDIUM (CVSS base score 6.1)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zenml | Zenml | < 0.56.3 |
Related Weaknesses (CWE)
References
- https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e (Patch)
- https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963 (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2024-2383?
CVE-2024-2383 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. T...
How severe is CVE-2024-2383?
CVE-2024-2383 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS Score section above for the severity rating.
Is there a patch for CVE-2024-2383?
Yes. The issue was addressed in zenml-io/zenml version 0.56.3; the references section above links the patch commit and the huntr report. The affected product is Zenml (vendor: Zenml), versions before 0.56.3.