CVE-2024-2383

Source
https://cve.org/CVERecord?id=CVE-2024-2383
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2383.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-2383
Aliases
Published
2024-06-06T18:18:29.911Z
Modified
2026-07-08T06:41:38.199244443Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Clickjacking Vulnerability in zenml-io/zenml
Details

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/2xxx/CVE-2024-2383.json",
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-1021"
    ]
}
References

Affected packages

Git / github.com/zenml-io/zenml

Affected ranges

Type
GIT
Repo
https://github.com/zenml-io/zenml
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.56.3"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.3rc0
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.13.2
0.2.0
0.2.0rc1
0.2.0rc2
0.20.3
0.20.5
0.21.0
0.21.1
0.22.0
0.23.0
0.3.0
0.3.1
0.3.1rc0
0.3.2
0.3.3
0.3.3rc0
0.3.4
0.3.4rc0
0.3.5
0.3.5rc0
0.3.6
0.3.6.1
0.3.6rc0
0.3.7
0.3.7.1rc0
0.3.7.1rc1
0.3.7.1rc2
0.3.7.1rc3
0.3.7.1rc4
0.3.7.1rc5
0.3.7rc0
0.3.8
0.3.9rc1
0.3.9rc2
0.30.0
0.31.0
0.31.1
0.32.0
0.32.1
0.33.0
0.34.0
0.35.0
0.35.1
0.36.1
0.37.0
0.38.0
0.39.0
0.39.1
0.40.0
0.40.1
0.40.2
0.41.0
0.42.0
0.43.0
0.44.0
0.44.1
0.44.2
0.44.3
0.45.0
0.45.1
0.45.2
0.45.3
0.45.4
0.45.5
0.45.6
0.46.1
0.47.0
0.5.0
0.5.0rc1
0.5.0rc2
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.54.0
0.54.1
0.55.4
0.55.5
0.56.0
0.56.1
0.56.2
0.6.2
0.6.3
0.7.0
0.7.1
0.8.1
0.8.1rc0
0.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2383.json"