An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.
History

Fri, 11 Oct 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Zenml
Zenml zenml
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*
Vendors & Products Zenml
Zenml zenml
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:19:26.553Z

Updated: 2024-08-01T19:03:39.114Z

Reserved: 2024-03-06T08:29:15.083Z

Link: CVE-2024-2213

cve-icon Vulnrichment

Updated: 2024-08-01T19:03:39.114Z

cve-icon NVD

Status : Modified

Published: 2024-06-06T19:15:53.890

Modified: 2024-11-21T09:09:16.143

Link: CVE-2024-2213

cve-icon Redhat

No data.