44 lines
1.3 KiB
YAML
44 lines
1.3 KiB
YAML
|
id: CVE-2024-25723
|
||
|
|
|
||
|
|
info:
|
||
|
|
name: ZenML ZenML Server - Improper Authentication
|
||
|
|
author: David Botelho Mariano
|
||
|
|
severity: critical
|
||
|
|
description: ZenML Server in the ZenML machine learning package before 0.46.7
|
||
|
|
for Python allows remote privilege escalation because the
|
||
|
|
/api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on
|
||
|
|
the basis of a valid username along with a new password in the request body.
|
||
|
|
impact: |
|
||
|
|
Successful exploitation could lead to unauthorized access to sensitive data.
|
||
|
|
remediation: |
|
||
|
|
Implement proper authentication mechanisms and ensure access controls are correctly configured.
|
||
|
|
reference:
|
||
|
|
- https://www.zenml.io/blog/critical-security-update-for-zenml-users
|
||
|
|
- https://github.com/zenml-io/zenml
|
||
|
|
classification:
|
||
|
|
epss-score: 0.00045
|
||
|
|
epss-percentile: 0.13559
|
||
|
|
tags: cve,cve2024,passive,auth-bypass,zenml
|
||
|
|
|
||
|
|
http:
|
||
|
|
- method: GET
|
||
|
|
path:
|
||
|
|
- "{{BaseURL}}/api/v1/info"
|
||
|
|
|
||
|
|
matchers:
|
||
|
|
- type: dsl
|
||
|
|
dsl:
|
||
|
|
- "compare_versions(version, '< 0.46.7')"
|
||
|
|
- "!contains_any(version, '0.44.4', '0.43.1', '0.42.2')"
|
||
|
|
- "contains_all(body, 'deployment_type', 'database_type')"
|
||
|
|
condition: and
|
||
|
|
|
||
|
|
extractors:
|
||
|
|
- type: regex
|
||
|
|
part: body
|
||
|
|
group: 1
|
||
|
|
name: version
|
||
|
|
regex:
|
||
|
|
- '"version":"(.*?)"'
|
||
|
|
internal: true
|