CVE-2024-2171

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

GHSA-VWGF-7F9H-H499 Cross site scripting in zenml

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

Improper authorization in zenml

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

GHSA-9X88-4JG8-4VF7 Improper authorization in zenml

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

CVE-2024-2035

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

PYSEC-2024-170

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

CVE-2024-2032

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...

CVE-2024-2171

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

CVE-2024-2171

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

PYSEC-2024-170

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

PYSEC-2024-105

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...

CVE-2024-2035 Improper Authorization in zenml-io/zenml

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

CVE-2024-2035

ZenML CVE-2024-2035 affects the zenml-io/zenml project. The root cause is improper authorization on the API PUT /api/v1/users/id, allowing any authenticated user to modify other users’ data (including setting active to false), potentially deactivating admin accounts. Affected version: 0.55.3. Mit...

CVE-2024-2171 Stored XSS in zenml-io/zenml

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

CVE-2024-2171

ZenML stored XSS (CVE-2024-2171) affects ZenML prior to 0.56.2 due to unsafely accepted content in the repository field logo_url . The issue is a stored XSS that could allow an attacker to inject payloads, potentially compromising user accounts. Affected version: 0.55.3; fix: 0.56.2. Multiple con...

ZenML Cross-Site Scripting Vulnerability

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A cross-site scripting vulnerability exists in ZenML version 0.55.3, which stems from a stored cross-site scripting XSS vulnerability in the logourl field that allows an attacker...

ZenML Security Vulnerability

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A security vulnerability exists in ZenML version 0.55.3, which stems from an improper authorization vulnerability in the API PUT /api/v1/users/id endpoint that allows an attacker...