diff --git a/passive/cves/2024/CVE-2024-25723.yaml b/passive/cves/2024/CVE-2024-25723.yaml new file mode 100644 index 0000000000..3d34c505da --- /dev/null +++ b/passive/cves/2024/CVE-2024-25723.yaml @@ -0,0 +1,49 @@ +id: CVE-2024-25723 + +info: + name: ZenML ZenML Server - Improper Authentication + author: David Botelho Mariano + severity: critical + description: | + ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. + impact: | + Successful exploitation could lead to unauthorized access to sensitive data. + remediation: | + Implement proper authentication mechanisms and ensure access controls are correctly configured. + reference: + - https://www.zenml.io/blog/critical-security-update-for-zenml-users + - https://github.com/zenml-io/zenml + - https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2 + - https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1 + - https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4 + classification: + epss-score: 0.00045 + epss-percentile: 0.13559 + metadata: + verified: true + max-request: 1 + shodan-query: http.favicon.hash:-2028554187 + fofa-query: body="ZenML" + tags: cve,cve2024,passive,auth-bypass,zenml + +http: + - method: GET + path: + - "{{BaseURL}}/api/v1/info" + + matchers: + - type: dsl + dsl: + - "compare_versions(version, '< 0.46.7')" + - "!contains_any(version, '0.44.4', '0.43.1', '0.42.2')" + - "contains_all(body, 'deployment_type', 'database_type')" + condition: and + + extractors: + - type: regex + part: body + group: 1 + name: version + regex: + - '"version":"(.*?)"' + internal: true