ZenML < 0.56.3 Vulnerability - CVE-2024-2213

🗓️ 03 Jan 2025 00:00:00Reported by TenableType

ZenML version prior to 0.56.3 allows unauthorized account takeover via improper authentication mechanisms.

Reporter	Title	Published	Views	Family All 13
CNNVD	ZenML Authorization Issues Vulnerability	6 Jun 202400:00	–	cnnvd
CVE	CVE-2024-2213	6 Jun 202418:19	–	cve
Cvelist	CVE-2024-2213 Improper Authentication in zenml-io/zenml	6 Jun 202418:19	–	cvelist
EUVD	EUVD-2024-0197	3 Oct 202520:07	–	euvd
Github Security Blog	Improper authentication in zenml	6 Jun 202421:30	–	github
NVD	CVE-2024-2213	6 Jun 202419:15	–	nvd
OSV	GHSA-J527-V579-M98H Improper authentication in zenml	6 Jun 202421:30	–	osv
OSV	PYSEC-2024-193	6 Jun 202419:15	–	osv
Positive Technologies	PT-2024-19218 · Zenml · Zenml	6 Jun 202400:00	–	ptsecurity
PyPA	PYSEC-2024-193	6 Jun 202419:15	–	pypa

Source	Link
nessus	www.nessus.org/u
huntr	www.huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900

##
# Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(213478);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/01/16");

  script_cve_id("CVE-2024-2213");

  script_name(english:"ZenML < 0.56.3 Vulnerability - CVE-2024-2213");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of ZenML installed on the remote host is prior to 0.56.3. It is, therefore, affected by an 
improper authentication mechanisms. An attacker with access to an active user session can change the account 
password without needing to know the current password. This vulnerability allows for unauthorized account 
takeover by bypassing the standard password change verification process.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  # https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e70ad98");
  script_set_attribute(attribute:"see_also", value:"https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48");
  script_set_attribute(attribute:"solution", value:
"Upgrade to ZenML version 0.56.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-2213");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(287);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/06/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/06/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/01/03");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:zenml:zenml");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Artificial Intelligence");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("zenml_detect.nbin", "python_zenml_detect.nbin");
  script_require_keys("installed_sw/ZenML");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'ZenML');
var constraints = [
    { 'min_version':'0.1', 'fixed_version':'0.56.3' },
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);

16 Jan 2025 00:00Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.13.3

CVSS 33.3

EPSS0.00011

SSVC