PT-2024-20109 · Zenml Io · Zenml

Published

2024-06-06

·

Updated

2024-10-11

·

CVE-2024-2383

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

zenml-io/zenml versions up to and including 0.55.5

Description

A clickjacking issue exists because the application does not set an X-Frame-Options header or a Content-Security-Policy header with a frame-ancestors directive on its responses. Without either, any origin can embed the application UI in an iframe on an attacker-controlled page, overlay it with decoy content, and trick an authenticated user into clicking controls under the attacker's control, potentially performing unauthorized actions in the user's session.

Recommendations

For versions up to and including 0.55.5, update to version 0.56.3, which resolves the issue. As a temporary workaround, restrict access to the application UI (for example, to trusted networks) to minimize exposure; this limits who can be targeted but does not add the missing headers.
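Added example, not ZenML's own code and not part of this advisory: a stdlib-only Python check that classifies a response's anti-framing posture from its headers (CSP frame-ancestors takes precedence over X-Frame-Options, as in browsers), plus a pure-ASGI middleware that adds X-Frame-Options: DENY and Content-Security-Policy: frame-ancestors 'none' to any response that lacks them. That the server is ASGI-based is an assumption; the middleware imports no framework. bare_app, ANTI-framing values and the GET / request are constructed stand-ins.

```python
"""Detect and fix missing anti-framing headers (added example, not ZenML code)."""
import asyncio
from typing import Iterable


def parse_csp(value: str) -> dict[str, list[str]]:
    """Parse a Content-Security-Policy value into {directive: [source, ...]}."""
    directives: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def framing_protection(headers: Iterable[tuple[str, str]]) -> str:
    """Classify (name, value) response headers as "csp", "xfo", "weak" or "none".

    A CSP frame-ancestors directive overrides X-Frame-Options in browsers, so it
    is checked first. "weak" covers a frame-ancestors list that admits any origin
    and X-Frame-Options values such as ALLOW-FROM that current browsers ignore.
    """
    xfo = None
    frame_ancestors = None
    for name, value in headers:
        lname = name.lower()
        if lname == "content-security-policy":
            frame_ancestors = parse_csp(value).get("frame-ancestors", frame_ancestors)
        elif lname == "x-frame-options":
            xfo = value.strip().upper()
    if frame_ancestors is not None:
        if any(src in ("*", "http:", "https:") for src in frame_ancestors):
            return "weak"
        return "csp"
    if xfo in ("DENY", "SAMEORIGIN"):
        return "xfo"
    if xfo is not None:
        return "weak"
    return "none"


class AntiFramingMiddleware:
    """Pure ASGI middleware: appends anti-framing headers to every HTTP response."""

    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        if scope.get("type") != "http":
            await self.app(scope, receive, send)
            return

        async def send_wrapper(message):
            if message["type"] == "http.response.start":
                headers = list(message.get("headers", []))
                has_xfo = any(n.lower() == b"x-frame-options" for n, _ in headers)
                has_fa = any(n.lower() == b"content-security-policy"
                             and b"frame-ancestors" in v.lower() for n, v in headers)
                if not has_xfo:
                    headers.append((b"x-frame-options", b"DENY"))
                if not has_fa:
                    # A second CSP header is legal; browsers enforce all of them.
                    headers.append((b"content-security-policy", b"frame-ancestors 'none'"))
                message = {**message, "headers": headers}
            await send(message)

        await self.app(scope, receive, send_wrapper)


async def bare_app(scope, receive, send):
    """Constructed stand-in for a UI server that sets no anti-framing headers."""
    await send({"type": "http.response.start", "status": 200,
                "headers": [(b"content-type", b"text/html; charset=utf-8")]})
    await send({"type": "http.response.body", "body": b"<html>dashboard</html>"})


def collect_response_headers(app) -> list[tuple[str, str]]:
    """Drive an ASGI app with a constructed GET / and return its decoded response headers."""
    captured = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        captured.append(message)

    scope = {"type": "http", "method": "GET", "path": "/", "headers": []}
    asyncio.run(app(scope, receive, send))
    start = next(m for m in captured if m["type"] == "http.response.start")
    return [(n.decode(), v.decode()) for n, v in start["headers"]]


if __name__ == "__main__":
    print("unwrapped:", framing_protection(collect_response_headers(bare_app)))
    print("wrapped:  ", framing_protection(collect_response_headers(AntiFramingMiddleware(bare_app))))
```

Run against a live instance, the same classification can be applied to the headers of `curl -sI` output: "none" is the state this advisory describes, "csp" or "xfo" is the fixed state, and "weak" flags a policy that is present but still permits framing.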

Clickjacking

Weakness Enumeration

Related Identifiers

CVE-2024-2383
GHSA-MQ73-G4QR-FGCQ
PYSEC-2024-194

Affected Products

Zenml