A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications.
History

Fri, 11 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Zenml
Zenml zenml
Weaknesses CWE-362
CPEs cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*
Vendors & Products Zenml
Zenml zenml
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:49:18.482Z

Updated: 2024-08-01T18:56:22.635Z

Reserved: 2024-02-29T19:13:02.247Z

Link: CVE-2024-2032

cve-icon Vulnrichment

Updated: 2024-08-01T18:56:22.635Z

cve-icon NVD

Status : Modified

Published: 2024-06-06T19:15:53.060

Modified: 2024-11-21T09:08:53.180

Link: CVE-2024-2032

cve-icon Redhat

No data.