format-update

patch-4
Dhiyaneshwaran 2024-04-08 13:05:02 +05:30 committed by GitHub
parent b620a56101
commit 3de60f724a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 4 deletions


@ -4,10 +4,8 @@ info:
name: ZenML ZenML Server - Improper Authentication name: ZenML ZenML Server - Improper Authentication
author: David Botelho Mariano author: David Botelho Mariano
severity: critical severity: critical
description: ZenML Server in the ZenML machine learning package before 0.46.7 description:
for Python allows remote privilege escalation because the ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body.
/api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on
the basis of a valid username along with a new password in the request body.
impact: | impact: |
Successful exploitation could lead to unauthorized access to sensitive data. Successful exploitation could lead to unauthorized access to sensitive data.
remediation: | remediation: |
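Review bot: the rewritten `description:` is left as a plain multi-line scalar (key on one line, text indented on the next), while the neighbouring `impact:` and `remediation:` keys in the same hunk use the `|` literal block style. Both forms parse, but mixing them in one `info:` block is inconsistent and the plain scalar will fold any later line breaks into spaces; suggest `description: |` followed by the indented sentence so all three long-text fields use the same style.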
@ -15,6 +13,9 @@ info:
reference: reference:
- https://www.zenml.io/blog/critical-security-update-for-zenml-users - https://www.zenml.io/blog/critical-security-update-for-zenml-users
- https://github.com/zenml-io/zenml - https://github.com/zenml-io/zenml
- https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2
- https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1
- https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4
classification: classification:
epss-score: 0.00045 epss-score: 0.00045
epss-percentile: 0.13559 epss-percentile: 0.13559
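Review bot: the three added `compare` links (0.42.1...0.42.2, 0.43.0...0.43.1, 0.44.3...0.44.4) point at patch releases on older minor branches, but the `description:` in the first hunk still states the issue affects every version "before 0.46.7". If those compare ranges are the backported fixes, the affected-version statement and the `remediation:` text should name them so a user on 0.42.2 or 0.43.1 is not told they are vulnerable; if they are not fixes, they do not belong under `reference:`. Either way a short note on what each link documents would help.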