An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application.
Metrics
Affected Vendors & Products
References
History
Fri, 11 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Zenml
Zenml zenml |
|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:* | |
Vendors & Products |
Zenml
Zenml zenml |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-06T18:25:00.141Z
Updated: 2024-08-01T18:56:22.835Z
Reserved: 2024-02-29T19:50:35.229Z
Link: CVE-2024-2035
Vulnrichment
Updated: 2024-08-01T18:56:22.835Z
NVD
Status : Modified
Published: 2024-06-06T19:15:53.313
Modified: 2024-11-21T09:08:53.557
Link: CVE-2024-2035
Redhat
No data.