Lucene search
GoogleOSV:GHSA-G3R5-72HF-P7P2HistoryApr 16, 2024 - 12:30 a.m.
zenml Session Fixation vulnerability
2024-04-1600:30:33
Google
osv.dev
3
zenml
session fixation
vulnerability
jwt tokens
user authentication
invalidation
logout
attacker
bypass
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim’s JWT token.
Related
osv
osv
CVE-2024-2260
2024-04-16 00:15:11
cvelist
cvelist
CVE-2024-2260 Session Fixation Vulnerability in zenml-io/zenml
2024-04-16 00:00:14
cve
cve
CVE-2024-2260
2024-04-16 00:15:11
github
github
zenml Session Fixation vulnerability
2024-04-16 00:30:33
veracode
veracode
Session Fixation
2024-04-17 07:36:41