Home > Vulnerability Database > CVE-2024-2213

Mend.io Vulnerability Database

CVE-2024-2213

Good to know:

Date: June 6, 2024

An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.

Language: Python

Severity Score

3.3

Related Resources (5)

Url: https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-2213

Url: https://github.com/zenml-io/zenml

Url: https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2

Url: https://www.mend.io/vulnerability-database/CVE-2024-2213

Severity Score

3.3

Weakness Type (CWE)

Authentication Issues

CWE-287

Top Fix

Upgrade Version

Upgrade to version zenml - 0.56.3

Learn More

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-2213

Good to know:

Date: June 6, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?