GHSA-99hm-86h7-gr3g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-99hm-86h7-gr3g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-99hm-86h7-gr3g/GHSA-99hm-86h7-gr3g.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-99hm-86h7-gr3g
- Aliases
- Published
- 2024-06-08T21:30:38Z
- Modified
- 2024-07-22T13:20:54.443034Z
- Severity
-
- 3.9 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- zenml-io/zenml does not expire the session after password reset
- Details
-
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-613" ], "github_reviewed_at": "2024-06-10T18:36:32Z", "nvd_published_at": "2024-06-08T20:15:52Z", "severity": "LOW" }- References
Affected packages
PyPI / zenml
Package
- Name
- zenml
- View open source insights on deps.dev
- Purl
- pkg:pypi/zenml
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.56.3
Affected versions
0.*
0.0.1rc1
0.0.1rc2
0.1.0
0.1.1
0.1.2
0.1.3rc0
0.1.3
0.1.4
0.1.5
0.2.0rc1
0.2.0rc2
0.2.0
0.3.1rc0
0.3.1
0.3.2
0.3.3rc0
0.3.3
0.3.4rc0
0.3.4
0.3.5rc0
0.3.5
0.3.6rc0
0.3.6
0.3.6.1
0.3.7rc0
0.3.7
0.3.7.1rc0
0.3.7.1rc1
0.3.7.1rc3
0.3.7.1rc4
0.3.8
0.3.9rc1
0.3.9rc2
0.5.0rc1
0.5.0rc2
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1rc0
0.8.1
0.9.0
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.13.2
0.20.0rc1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.20.5
0.21.0
0.21.1
0.22.0
0.23.0
0.30.0rc0
0.30.0rc1
0.30.0rc2
0.30.0rc3
0.30.0
0.31.0
0.31.1
0.32.0
0.32.1
0.33.0
0.34.0
0.35.0
0.35.1
0.36.0
0.36.1
0.37.0
0.38.0
0.39.0
0.39.1
0.40.0
0.40.1
0.40.2
0.40.3
0.41.0
0.42.0
0.42.1
0.42.2
0.43.0
0.43.1
0.44.0
0.44.1
0.44.2
0.44.3
0.44.4
0.45.0
0.45.1
0.45.2
0.45.3
0.45.4
0.45.5
0.45.6
0.46.0
0.46.1
0.47.0
0.50.0
0.51.0
0.52.0
0.53.0
0.53.1
0.54.0
0.54.1
0.55.0
0.55.1
0.55.2
0.55.3
0.55.4
0.55.5
0.56.0
0.56.1
0.56.2
0.56.3