CVE-2024-2260
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-2260
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2260.json
- Aliases
- Published
- 2024-04-16T00:15:11Z
- Modified
- 2024-05-14T13:01:35.995868Z
- Summary
- [none]
- Details
-
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.
- References
Affected packages
Git / github.com/zenml-io/zenml
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.3rc0
0.1.4
0.1.5
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.13.2
0.2.0
0.2.0rc1
0.2.0rc2
0.20.3
0.20.5
0.21.0
0.21.1
0.22.0
0.23.0
0.3.0
0.3.1
0.3.1rc0
0.3.2
0.3.3
0.3.3rc0
0.3.4
0.3.4rc0
0.3.5
0.3.5rc0
0.3.6
0.3.6.1
0.3.6rc0
0.3.7
0.3.7.1rc0
0.3.7.1rc1
0.3.7.1rc2
0.3.7.1rc3
0.3.7.1rc4
0.3.7.1rc5
0.3.7rc0
0.3.8
0.3.9rc1
0.3.9rc2
0.30.0
0.31.0
0.31.1
0.32.0
0.32.1
0.33.0
0.34.0
0.35.0
0.35.1
0.36.1
0.37.0
0.38.0
0.39.0
0.39.1
0.40.0
0.40.1
0.40.2
0.41.0
0.42.0
0.43.0
0.44.0
0.44.1
0.44.2
0.44.3
0.45.0
0.45.1
0.45.2
0.45.3
0.45.4
0.45.5
0.45.6
0.46.1
0.47.0
0.5.0
0.5.0rc1
0.5.0rc2
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.54.0
0.54.1
0.55.0
0.55.1
0.55.2
0.55.4
0.55.5
0.56.0
0.56.1
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.8.1
0.8.1rc0
0.9.0