format-update
Dhiyaneshwaran
GitHub
parent
b620a56101
commit
3de60f724a
|
|
@ -4,10 +4,8 @@ info:
|
||||||
name: ZenML ZenML Server - Improper Authentication
|
name: ZenML ZenML Server - Improper Authentication
|
||||||
author: David Botelho Mariano
|
author: David Botelho Mariano
|
||||||
severity: critical
|
severity: critical
|
||||||
description: ZenML Server in the ZenML machine learning package before 0.46.7
|
description:
|
||||||
for Python allows remote privilege escalation because the
|
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body.
|
||||||
/api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on
|
|
||||||
the basis of a valid username along with a new password in the request body.
|
|
||||||
impact: |
|
impact: |
|
||||||
Successful exploitation could lead to unauthorized access to sensitive data.
|
Successful exploitation could lead to unauthorized access to sensitive data.
|
||||||
remediation: |
|
remediation: |
|
||||||
|
|
@ -15,6 +13,9 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.zenml.io/blog/critical-security-update-for-zenml-users
|
- https://www.zenml.io/blog/critical-security-update-for-zenml-users
|
||||||
- https://github.com/zenml-io/zenml
|
- https://github.com/zenml-io/zenml
|
||||||
|
- https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2
|
||||||
|
- https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1
|
||||||
|
- https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4
|
||||||
classification:
|
classification:
|
||||||
epss-score: 0.00045
|
epss-score: 0.00045
|
||||||
epss-percentile: 0.13559
|
epss-percentile: 0.13559
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue