206 matches found
Cross Site Scripting (XSS)
zenml is vulnerable to Cross Site Scripting XSS. The vulnerability is due to missing santization of the logourl field, allowing an attacker to send harmful messages to other users and potentially compromise their accounts...
Improper Restriction Of Rendered UI Layers Or Frames (Clickjacking)
zenml is vulnerable to Improper Restriction of Rendered UI Layers or Frames Clickjacking. The vulnerability is due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers, allowing an attacker to embed the application UI within an iframe on a...
Improper Authentication
zenml is vulnerable to Improper Authentication. The vulnerability is due to improper authentication mechanisms, allowing an attacker with access to an active user session to change the account password without knowing the current password, bypassing the standard password change verification proce...
zenml-io/zenml does not expire the session after password reset
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...
GHSA-99HM-86H7-GR3G zenml-io/zenml does not expire the session after password reset
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...
CVE-2024-4680
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...
CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...
CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...
CVE-2024-4680
ZenML-IO/zenml prior to 0.56.3 is affected by CVE-2024-4680 due to insufficient session expiration. The vulnerability allows reuse of old session credentials after a password change, enabling continued access to a compromised account without re-authentication. Documentation notes this behavior sp...
CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...
ZenML Code Issue Vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A code issue vulnerability exists in ZenML version 0.56.3 that stems from an insufficient session validity period. An attacker exploiting this vulnerability could reuse old sessi...
PT-2024-4359
Name of the Vulnerable Software and Affected Versions zenml-io/zenml version 0.56.3 Description A vulnerability in zenml-io/zenml allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password...
Improper authentication in zenml
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized...
Cross site scripting in zenml
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
Clickjacking in zenml
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...
Race condition in zenml
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...
Improper authorization in zenml
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
GHSA-VWGF-7F9H-H499 Cross site scripting in zenml
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
GHSA-MQ73-G4QR-FGCQ Clickjacking in zenml
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...
GHSA-C546-8JMQ-HPRJ Race condition in zenml
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...