forked from projectdiscovery/nuclei-templates
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCVE-2024-25723.yaml
50 lines (46 loc) · 1.84 KB
/
CVE-2024-25723.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
id: CVE-2024-25723
info:
name: ZenML ZenML Server - Improper Authentication
author: David Botelho Mariano
severity: critical
description: |
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body.
impact: |
Successful exploitation could lead to unauthorized access to sensitive data.
remediation: |
Implement proper authentication mechanisms and ensure access controls are correctly configured.
reference:
- https://www.zenml.io/blog/critical-security-update-for-zenml-users
- https://github.com/zenml-io/zenml
- https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2
- https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1
- https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4
classification:
epss-score: 0.00045
epss-percentile: 0.15096
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-2028554187
fofa-query: body="ZenML"
tags: cve,cve2024,passive,auth-bypass,zenml
http:
- method: GET
path:
- "{{BaseURL}}/api/v1/info"
matchers:
- type: dsl
dsl:
- "compare_versions(version, '< 0.46.7')"
- "!contains_any(version, '0.44.4', '0.43.1', '0.42.2')"
- "contains_all(body, 'deployment_type', 'database_type')"
condition: and
extractors:
- type: regex
part: body
group: 1
name: version
regex:
- '"version":"(.*?)"'
internal: true
# digest: 490a0046304402205fa19475519d11d7a097c2c56777ce456ec566c7c000c10eb2efd1e867bb449e022068eaa151b083d5c5e68d6a228cfd9397bf585161b05ceee648a3a007215ee69e:922c64590222798bb761d5b6d8e72950