CVE-2024-9365

Name of the Vulnerable Software and Affected Versions polyaxon/polyaxon version 2.4.0

Description A Cross-Site Request Forgery (CSRF) issue allows attackers to perform unauthorized actions in the context of the victim's browser, including creating projects, model versions, and artifact versions, or changing settings. The impact of this issue includes potential data loss and service disruption.

Recommendations For polyaxon/polyaxon version 2.4.0, consider disabling the affected functionality until a patch is available. Restrict access to sensitive operations, such as project creation and configuration changes, to minimize the risk of exploitation. Avoid using the vulnerable version for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.