CVE-2024-2213
Last modified
CVE-2024-2213 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zenml | Zenml | < 0.56.3 |
References
- https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48Exploit, Issue Tracking, Patch, Third Party Advisory
- https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48Exploit, Issue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-2213?
How severe is CVE-2024-2213?
How do I fix CVE-2024-2213?
Are you affected by CVE-2024-2213?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST