2024-04-08 07:31:44 +00:00
id : CVE-2024-25723
info :
name : ZenML ZenML Server - Improper Authentication
author : David Botelho Mariano
severity : critical
2024-04-08 07:38:38 +00:00
description : |
2024-04-08 07:35:02 +00:00
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body.
2024-04-08 07:31:44 +00:00
impact : |
Successful exploitation could lead to unauthorized access to sensitive data.
remediation : |
Implement proper authentication mechanisms and ensure access controls are correctly configured.
reference :
- https://www.zenml.io/blog/critical-security-update-for-zenml-users
- https://github.com/zenml-io/zenml
2024-04-08 07:35:02 +00:00
- https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2
- https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1
- https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4
2024-04-08 07:31:44 +00:00
classification :
epss-score : 0.00045
2024-06-07 10:04:29 +00:00
epss-percentile : 0.15096
2024-04-08 07:41:08 +00:00
metadata :
verified : true
max-request : 1
shodan-query : http.favicon.hash:-2028554187
fofa-query : body="ZenML"
2024-04-08 07:31:44 +00:00
tags : cve,cve2024,passive,auth-bypass,zenml
http :
- method : GET
path :
- "{{BaseURL}}/api/v1/info"
matchers :
- type : dsl
dsl :
- "compare_versions(version, '< 0.46.7')"
- "!contains_any(version, '0.44.4', '0.43.1', '0.42.2')"
- "contains_all(body, 'deployment_type', 'database_type')"
condition : and
extractors :
- type : regex
part : body
group : 1
name : version
regex :
- '"version":"(.*?)"'
internal : true
2024-06-08 16:02:17 +00:00
# digest: 4b0a00483046022100e91e5c8905a28ff8574f46555def47ed93497e70f8ad7639c87575d09c27d4c902210089872c34c9e30a09e440c3b9d994ba1a0453d9435cb0048c67edffa918074edb:922c64590222798bb761d5b6d8e72950
