nuclei-templates/passive/cves/2024/CVE-2024-25723.yaml

id: CVE-2024-25723

info:
  name: ZenML ZenML Server - Improper Authentication
  author: David Botelho Mariano
  severity: critical
  description: |
    ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body.
  impact: |
    Successful exploitation could lead to unauthorized access to sensitive data.
  remediation: |
    Implement proper authentication mechanisms and ensure access controls are correctly configured.
  reference:
    - https://www.zenml.io/blog/critical-security-update-for-zenml-users
    - https://github.com/zenml-io/zenml
    - https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2
    - https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1
    - https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4
  classification:
    epss-score: 0.00045
    epss-percentile: 0.13559
  tags: cve,cve2024,passive,auth-bypass,zenml

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/v1/info"

    matchers:
      - type: dsl
        dsl:
          - "compare_versions(version, '< 0.46.7')"
          - "!contains_any(version, '0.44.4', '0.43.1', '0.42.2')"
          - "contains_all(body, 'deployment_type', 'database_type')"
        condition: and

    extractors:
      - type: regex
        part: body
        group: 1
        name: version
        regex:
          - '"version":"(.*?)"'
        internal: true
Create CVE-2024-25723.yaml 2024-04-08 07:31:44 +00:00			`id: CVE-2024-25723`

			`info:`
			`name: ZenML ZenML Server - Improper Authentication`
			`author: David Botelho Mariano`
			`severity: critical`
Update CVE-2024-25723.yaml 2024-04-08 07:38:38 +00:00			`description: \|`
format-update 2024-04-08 07:35:02 +00:00			`ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body.`
Create CVE-2024-25723.yaml 2024-04-08 07:31:44 +00:00			`impact: \|`
			`Successful exploitation could lead to unauthorized access to sensitive data.`
			`remediation: \|`
			`Implement proper authentication mechanisms and ensure access controls are correctly configured.`
			`reference:`
			`- https://www.zenml.io/blog/critical-security-update-for-zenml-users`
			`- https://github.com/zenml-io/zenml`
format-update 2024-04-08 07:35:02 +00:00			`- https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2`
			`- https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1`
			`- https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4`
Create CVE-2024-25723.yaml 2024-04-08 07:31:44 +00:00			`classification:`
			`epss-score: 0.00045`
			`epss-percentile: 0.13559`
			`tags: cve,cve2024,passive,auth-bypass,zenml`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/api/v1/info"`

			`matchers:`
			`- type: dsl`
			`dsl:`
			`- "compare_versions(version, '< 0.46.7')"`
			`- "!contains_any(version, '0.44.4', '0.43.1', '0.42.2')"`
			`- "contains_all(body, 'deployment_type', 'database_type')"`
			`condition: and`

			`extractors:`
			`- type: regex`
			`part: body`
			`group: 1`
			`name: version`
			`regex:`
			`- '"version":"(.*?)"'`
			`internal: true`