Create CVE-2024-25723.yaml

passive/cves/2024/CVE-2024-25723.yaml

@@ -0,0 +1,43 @@
+id: CVE-2024-25723
+
+info:
+  name: ZenML ZenML Server - Improper Authentication
+  author: David Botelho Mariano
+  severity: critical
+  description: ZenML Server in the ZenML machine learning package before 0.46.7
+    for Python allows remote privilege escalation because the
+    /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on
+    the basis of a valid username along with a new password in the request body.
+  impact: |
+    Successful exploitation could lead to unauthorized access to sensitive data.
+  remediation: |
+    Implement proper authentication mechanisms and ensure access controls are correctly configured.
+  reference:
+    - https://www.zenml.io/blog/critical-security-update-for-zenml-users
+    - https://github.com/zenml-io/zenml
+  classification:
+    epss-score: 0.00045
+    epss-percentile: 0.13559
+  tags: cve,cve2024,passive,auth-bypass,zenml
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/api/v1/info"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "compare_versions(version, '< 0.46.7')"
+          - "!contains_any(version, '0.44.4', '0.43.1', '0.42.2')"
+          - "contains_all(body, 'deployment_type', 'database_type')"
+        condition: and
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        name: version
+        regex:
+          - '"version":"(.*?)"'
+        internal: true