CVE-2024-2035

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-2035
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2035.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-2035
Aliases
Published
2024-06-06T19:15:53Z
Modified
2024-06-08T01:18:43.732247Z
Summary
[none]
Details

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application.

References

Affected packages

Git / github.com/zenml-io/zenml

Affected ranges

Type
GIT
Repo
https://github.com/zenml-io/zenml
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.1.3rc0
0.1.4
0.1.5
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.13.2
0.2.0
0.2.0rc1
0.2.0rc2
0.20.3
0.20.5
0.21.0
0.21.1
0.22.0
0.23.0
0.3.0
0.3.1
0.3.1rc0
0.3.2
0.3.3
0.3.3rc0
0.3.4
0.3.4rc0
0.3.5
0.3.5rc0
0.3.6
0.3.6.1
0.3.6rc0
0.3.7
0.3.7.1rc0
0.3.7.1rc1
0.3.7.1rc2
0.3.7.1rc3
0.3.7.1rc4
0.3.7.1rc5
0.3.7rc0
0.3.8
0.3.9rc1
0.3.9rc2
0.30.0
0.31.0
0.31.1
0.32.0
0.32.1
0.33.0
0.34.0
0.35.0
0.35.1
0.36.1
0.37.0
0.38.0
0.39.0
0.39.1
0.40.0
0.40.1
0.40.2
0.41.0
0.42.0
0.43.0
0.44.0
0.44.1
0.44.2
0.44.3
0.45.0
0.45.1
0.45.2
0.45.3
0.45.4
0.45.5
0.45.6
0.46.1
0.47.0
0.5.0
0.5.0rc1
0.5.0rc2
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.54.0
0.54.1
0.55.0
0.55.1
0.55.2
0.55.4
0.55.5
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.8.1
0.8.1rc0
0.9.0