GHSA-99hm-86h7-gr3g

Source

https://github.com/advisories/GHSA-99hm-86h7-gr3g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-99hm-86h7-gr3g/GHSA-99hm-86h7-gr3g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-99hm-86h7-gr3g

Aliases

CVE-2024-4680

Published

2024-06-08T21:30:38Z

Modified

2024-07-22T13:20:54.443034Z

Severity

3.9 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
2.0 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator

Summary

zenml-io/zenml does not expire the session after password reset

Details

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.

Database specific

{
    "nvd_published_at": "2024-06-08T20:15:52Z",
    "cwe_ids": [
        "CWE-613"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-10T18:36:32Z"
}

References

Affected packages

PyPI / zenml

Package

Name: zenml; View open source insights on deps.dev
Purl: pkg:pypi/zenml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.56.3

Affected versions

0.*

0.0.1rc1

0.0.1rc2

0.1.0

0.1.1

0.1.2

0.1.3rc0

0.1.3

0.1.4

0.1.5

0.2.0rc1

0.2.0rc2

0.2.0

0.3.1rc0

0.3.1

0.3.2

0.3.3rc0

0.3.3

0.3.4rc0

0.3.4

0.3.5rc0

0.3.5

0.3.6rc0

0.3.6

0.3.6.1

0.3.7rc0

0.3.7

0.3.7.1rc0

0.3.7.1rc1

0.3.7.1rc3

0.3.7.1rc4

0.3.8

0.3.9rc1

0.3.9rc2

0.5.0rc1

0.5.0rc2

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.5.6

0.5.7

0.6.0

0.6.1

0.6.2

0.6.3

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1rc0

0.8.1

0.9.0

0.10.0

0.11.0

0.12.0

0.13.0

0.13.1

0.13.2

0.20.0rc1

0.20.0

0.20.1

0.20.2

0.20.3

0.20.4

0.20.5

0.21.0

0.21.1

0.22.0

0.23.0

0.30.0rc0

0.30.0rc1

0.30.0rc2

0.30.0rc3

0.30.0

0.31.0

0.31.1

0.32.0

0.32.1

0.33.0

0.34.0

0.35.0

0.35.1

0.36.0

0.36.1

0.37.0

0.38.0

0.39.0

0.39.1

0.40.0

0.40.1

0.40.2

0.40.3

0.41.0

0.42.0

0.42.1

0.42.2

0.43.0

0.43.1

0.44.0

0.44.1

0.44.2

0.44.3

0.44.4

0.45.0

0.45.1

0.45.2

0.45.3

0.45.4

0.45.5

0.45.6

0.46.0

0.46.1

0.47.0

0.50.0

0.51.0

0.52.0

0.53.0

0.53.1

0.54.0

0.54.1

0.55.0

0.55.1

0.55.2

0.55.3

0.55.4

0.55.5

0.56.0

0.56.1

0.56.2

0.56.3