CVE-2024-25723

Published: 27/02/2024 Updated: 28/02/2024

Vulnerability Summary

ZenML Server in the ZenML machine learning package prior to 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. Versions 0.44.4, 0.43.1, and 0.42.2 are also patched.
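
A triage helper for defenders, added here as an example and not taken from ZenML or the repository listed below: it checks whether a deployed version carries the fix and pulls requests to the activate endpoint out of an access log. It assumes that 0.44.4, 0.43.1 and 0.42.2 are backports to their own minor lines and that the server sits behind a reverse proxy writing Common Log Format; the function names and log lines are constructed.

```python
import re
from collections import defaultdict

# Fixed releases named in the advisory. Treating 0.44.4, 0.43.1 and 0.42.2 as
# backports to their own minor lines is an assumption of this example.
FIXED_MAIN = (0, 46, 7)
BACKPORTS = {(0, 44): 4, (0, 43): 1, (0, 42): 2}

def is_patched(version: str) -> bool:
    """True if a plain 'X.Y.Z' ZenML version contains the fix."""
    major, minor, patch = (int(p) for p in version.split("."))
    if (major, minor, patch) >= FIXED_MAIN:
        return True
    floor = BACKPORTS.get((major, minor))
    return floor is not None and patch >= floor

# Common Log Format line from a reverse proxy (assumed format).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
ACTIVATE = re.compile(r"^/api/v1/users/(?P<user>[^/?]+)/activate/?(?:\?.*)?$")

def activation_hits(lines):
    """Map each target user to the (source IP, status) pairs seen on its activate endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        target = ACTIVATE.match(m["path"])
        if target:
            hits[target["user"]].append((m["ip"], int(m["status"])))
    return dict(hits)

# Constructed sample lines: documentation IP ranges, invented users. The HTTP
# method shown is illustrative; the matcher deliberately ignores it.
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Feb/2024:10:00:01 +0000] "GET /api/v1/info HTTP/1.1" 200 512',
    '203.0.113.9 - - [27/Feb/2024:10:00:05 +0000] "PUT /api/v1/users/admin/activate HTTP/1.1" 200 301',
    '203.0.113.9 - - [27/Feb/2024:10:00:09 +0000] "PUT /api/v1/users/alice/activate HTTP/1.1" 401 87',
    '198.51.100.7 - - [27/Feb/2024:10:01:00 +0000] "GET /api/v1/users/admin HTTP/1.1" 200 420',
]

if __name__ == "__main__":
    for user, events in activation_hits(SAMPLE_LOG).items():
        print(user, events)
```

On a server that was unpatched during the log window, any 2xx response on this endpoint for an account that was already active is worth correlating with later logins for that user.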

Github Repositories

Exploit for CVE-2024-25723. This repository is dedicated to addressing CVE-2024-25723, a critical security vulnerability in ZenML, with an educational Proof of Concept (PoC) provided to illustrate the issue and encourage prompt mitigation. The PoC demonstrates how an unauthorized user could potentially exploit the vulnerability to take ownership of any ZenML accounts. It's