Alex Strick van Linschoten

4 exploits Active since Jun 2024
CVE-2024-2035 WRITEUP MEDIUM WRITEUP
zenml < 0.56.2 - Authenticated Missing Authorization via API PUT /api/v1/users/id Endpoint
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application.
CVSS 6.5
CVE-2024-2383 WRITEUP MEDIUM WRITEUP
zenml <= 0.55.5 - Clickjacking via Missing X-Frame-Options Header
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
CVSS 6.1
CVE-2024-4311 WRITEUP MEDIUM WRITEUP
zenml < 0.57.0rc2 - Account Takeover via Unlimited Password Change Attempts
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account.
CVSS 5.4
CVE-2024-5062 WRITEUP MEDIUM WRITEUP
zenml 0.57.1 - Reflected Cross-Site Scripting via Survey Redirect Parameter
A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a specified URL after completing a survey, without proper validation of the 'redirect' parameter. Consequently, an attacker can execute arbitrary JavaScript code in the context of the user's browser session. This vulnerability could be exploited to steal cookies, potentially leading to account takeover.
CVSS 6.1