2024-04-08 07:31:44 +00:00
id : CVE-2024-25723
info :
name : ZenML ZenML Server - Improper Authentication
author : David Botelho Mariano
severity : critical
2024-04-08 07:38:38 +00:00
description : |
2024-04-08 07:35:02 +00:00
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body.
2024-04-08 07:31:44 +00:00
impact : |
Successful exploitation could lead to unauthorized access to sensitive data.
remediation : |
Implement proper authentication mechanisms and ensure access controls are correctly configured.
reference :
- https://www.zenml.io/blog/critical-security-update-for-zenml-users
- https://github.com/zenml-io/zenml
2024-04-08 07:35:02 +00:00
- https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2
- https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1
- https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4
2024-04-08 07:31:44 +00:00
classification :
epss-score : 0.00045
epss-percentile : 0.13559
2024-04-08 07:41:08 +00:00
metadata :
verified : true
max-request : 1
shodan-query : http.favicon.hash:-2028554187
fofa-query : body="ZenML"
2024-04-08 07:31:44 +00:00
tags : cve,cve2024,passive,auth-bypass,zenml
http :
- method : GET
path :
- "{{BaseURL}}/api/v1/info"
matchers :
- type : dsl
dsl :
- "compare_versions(version, '< 0.46.7')"
- "!contains_any(version, '0.44.4', '0.43.1', '0.42.2')"
- "contains_all(body, 'deployment_type', 'database_type')"
condition : and
extractors :
- type : regex
part : body
group : 1
name : version
regex :
- '"version":"(.*?)"'
internal : true
2024-06-03 09:01:59 +00:00
# digest: 4a0a00473045022100a3620df7f00a1667d7ff1a1a8334e1e280a30c3ff0b67dae912a60cfd78e85750220406c282e2b21dfaded95153cb05a70fc5e53f06119c22e81d98cc24b8345d94b:922c64590222798bb761d5b6d8e72950