Lucene search
K

206 matches found

Veracode
Veracode
added 2024/06/11 5:52 a.m.12 views

Cross Site Scripting (XSS)

zenml is vulnerable to Cross Site Scripting XSS. The vulnerability is due to missing santization of the logourl field, allowing an attacker to send harmful messages to other users and potentially compromise their accounts...

4.8CVSS6.3AI score0.00364EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/06/10 1:58 p.m.23 views

Improper Restriction Of Rendered UI Layers Or Frames (Clickjacking)

zenml is vulnerable to Improper Restriction of Rendered UI Layers or Frames Clickjacking. The vulnerability is due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers, allowing an attacker to embed the application UI within an iframe on a...

6.1CVSS6.6AI score0.00354EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/06/10 12:53 p.m.14 views

Improper Authentication

zenml is vulnerable to Improper Authentication. The vulnerability is due to improper authentication mechanisms, allowing an attacker with access to an active user session to change the account password without knowing the current password, bypassing the standard password change verification proce...

3.3CVSS7.4AI score0.00241EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/08 9:30 p.m.23 views

zenml-io/zenml does not expire the session after password reset

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

8.8CVSS6.9AI score0.00405EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/06/08 9:30 p.m.12 views

GHSA-99HM-86H7-GR3G zenml-io/zenml does not expire the session after password reset

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

3.9CVSS6.1AI score0.00405EPSS
Exploits1References3
NVD
NVD
added 2024/06/08 8:15 p.m.27 views

CVE-2024-4680

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

8.8CVSS0.00405EPSS
Exploits1References1
OSV
OSV
added 2024/06/08 7:38 p.m.10 views

CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

3.9CVSS6.3AI score0.00405EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/06/08 7:38 p.m.15 views

CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

3.9CVSS7.2AI score0.00405EPSS
Exploits1References1
CVE
CVE
added 2024/06/08 7:38 p.m.83 views

CVE-2024-4680

ZenML-IO/zenml prior to 0.56.3 is affected by CVE-2024-4680 due to insufficient session expiration. The vulnerability allows reuse of old session credentials after a password change, enabling continued access to a compromised account without re-authentication. Documentation notes this behavior sp...

8.8CVSS6.2AI score0.00405EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/06/08 7:38 p.m.30 views

CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

3.9CVSS0.00405EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/06/08 12:0 a.m.4 views

ZenML Code Issue Vulnerability

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A code issue vulnerability exists in ZenML version 0.56.3 that stems from an insufficient session validity period. An attacker exploiting this vulnerability could reuse old sessi...

8.8CVSS7AI score0.00405EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/08 12:0 a.m.7 views

PT-2024-4359

Name of the Vulnerable Software and Affected Versions zenml-io/zenml version 0.56.3 Description A vulnerability in zenml-io/zenml allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password...

8.8CVSS6.3AI score0.00405EPSS
Exploits1References14
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.22 views

Improper authentication in zenml

An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized...

3.3CVSS4.2AI score0.00241EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.22 views

Cross site scripting in zenml

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

4.8CVSS3.7AI score0.00364EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.19 views

Clickjacking in zenml

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

6.1CVSS4.4AI score0.00354EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.22 views

Race condition in zenml

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...

3.1CVSS4AI score0.00289EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/06 9:30 p.m.22 views

Improper authorization in zenml

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

6.5CVSS6.4AI score0.00623EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/06/06 9:30 p.m.13 views

GHSA-VWGF-7F9H-H499 Cross site scripting in zenml

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

3.4CVSS4.1AI score0.00364EPSS
Exploits1References5
OSV
OSV
added 2024/06/06 9:30 p.m.18 views

GHSA-MQ73-G4QR-FGCQ Clickjacking in zenml

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

4.3CVSS5AI score0.00354EPSS
Exploits1References5
OSV
OSV
added 2024/06/06 9:30 p.m.41 views

GHSA-C546-8JMQ-HPRJ Race condition in zenml

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...

3.1CVSS3.6AI score0.00289EPSS
Exploits0References5
Rows per page
Query Builder