daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2024-25723.yaml

patch-4
Prince Chaddha 2024-04-08 13:08:38 +05:30 committed by GitHub
parent 3de60f724a
commit 1bd2160803
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
passive/cves/2024/CVE-2024-25723.yaml
View File

@ -4,7 +4,7 @@ info:
name: ZenML ZenML Server - Improper Authentication
author: David Botelho Mariano
severity: critical
description:
description: |
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body.
impact: |
Successful exploitation could lead to unauthorized access to sensitive data.