14 matches found
CVE-2024-2171
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
ZenML < 0.56.2 Vulnerability - CVE-2024-2035
The version of ZenML installed on the remote host is prior to 0.56.2. It is, therefore, affected by An improper authorization vulnerability exists in the API /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing th...
GHSA-VWGF-7F9H-H499 Cross site scripting in zenml
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
Improper authorization in zenml
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
GHSA-9X88-4JG8-4VF7 Improper authorization in zenml
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
PYSEC-2024-169
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
PYSEC-2024-170
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
CVE-2024-2035
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
CVE-2024-2171
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
CVE-2024-2171
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
CVE-2024-2035 Improper Authorization in zenml-io/zenml
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
CVE-2024-2035
ZenML CVE-2024-2035 affects the zenml-io/zenml project. The root cause is improper authorization on the API PUT /api/v1/users/id, allowing any authenticated user to modify other users’ data (including setting active to false), potentially deactivating admin accounts. Affected version: 0.55.3. Mit...
CVE-2024-2171 Stored XSS in zenml-io/zenml
A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
CVE-2024-2171
ZenML stored XSS (CVE-2024-2171) affects ZenML prior to 0.56.2 due to unsafely accepted content in the repository field logo_url . The issue is a stored XSS that could allow an attacker to inject payloads, potentially compromising user accounts. Affected version: 0.55.3; fix: 0.56.2. Multiple con...