PT-2024-19218 · Zenml · Zenml
Published: 2024-06-06 · Updated: 2025-10-15 · CVE-2024-2213
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
zenml-io/zenml versions up to and including 0.55.4
Description
An issue was discovered due to improper authentication mechanisms, allowing an attacker with access to an active user session to change the account password without knowing the current password. This allows for unauthorized account takeover by bypassing the standard password change verification process.
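As an added illustration, not code from ZenML or from this advisory: a minimal Python model of the two password-change behaviours the description contrasts. The in-memory account record, the PBKDF2 parameters and the function names are constructed for the example; the point is the current-password re-verification step whose absence the advisory describes, and how a hardened handler refuses the change and leaves the stored credential untouched when that proof is missing.

```python
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 with a per-account salt (example parameters, not ZenML's)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


class Account:
    """Constructed in-memory account record for the example (hypothetical model)."""

    def __init__(self, username: str, password: str) -> None:
        self.username = username
        self.salt = os.urandom(16)
        self.password_hash = _hash_password(password, self.salt)

    def verify_password(self, candidate: str) -> bool:
        # Constant-time comparison so the check does not leak via timing.
        return hmac.compare_digest(_hash_password(candidate, self.salt), self.password_hash)

    def _set_password(self, new_password: str) -> None:
        # Fresh salt on every rotation.
        self.salt = os.urandom(16)
        self.password_hash = _hash_password(new_password, self.salt)


def change_password_session_only(account: Account, new_password: str) -> bool:
    """The flawed pattern the advisory describes: possession of an active session
    is the only authorisation, so whoever holds the session can rotate the
    password without knowing the current one."""
    account._set_password(new_password)
    return True


def change_password_reverified(account: Account, current_password: str, new_password: str) -> bool:
    """Hardened variant: the caller must prove knowledge of the current password
    before the change is applied. Returns False and leaves the record untouched
    when the current password is wrong."""
    if not account.verify_password(current_password):
        return False
    account._set_password(new_password)
    return True


def demo() -> dict:
    """Runs both variants against a constructed account and reports the outcomes."""
    results = {}
    # Session-only variant: the change succeeds with no knowledge of the current password.
    acct = Account("alice", "correct horse battery staple")
    results["session_only_changed"] = change_password_session_only(acct, "attacker-chosen")
    results["session_only_new_pw_works"] = acct.verify_password("attacker-chosen")
    # Fresh account; hardened variant with a wrong current password is refused.
    acct = Account("alice", "correct horse battery staple")
    results["reverified_wrong_current"] = change_password_reverified(acct, "guess", "attacker-chosen")
    results["original_still_valid"] = acct.verify_password("correct horse battery staple")
    # Hardened variant with the genuine current password is accepted.
    results["reverified_right_current"] = change_password_reverified(
        acct, "correct horse battery staple", "new-legit-password"
    )
    results["new_legit_works"] = acct.verify_password("new-legit-password")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run the module directly to see the six outcomes; the first two show the session-only handler accepting an arbitrary new password, the remaining four show the re-verifying handler refusing a wrong current password while still allowing a legitimate rotation.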
Recommendations
For versions up to and including 0.55.4, update to version 0.56.3 to resolve the issue. As a temporary workaround, consider restricting access to the password change functionality until the update is applied.
Weakness: Improper Authentication
Affected Products
Zenml