Workflow

PyPi: Zenml

CVE-2024-25723

Safety vulnerability ID: 65699

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 27, 2024 Updated at Sep 09, 2024
Scan your Python projects for vulnerabilities →

Advisory

ZenML Server in the ZenML package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2. See CVE-2024-25723.

Affected package

zenml

Latest version: 0.66.0

ZenML: Write production-ready ML code.

Affected versions

Fixed versions

Vulnerability changelog

ZenML Server in the ZenML package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2. See CVE-2024-25723.


CONFIRM:https://www.zenml.io/blog/critical-security-update-for-zenml-users: https://www.zenml.io/blog/critical-security-update-for-zenml-users
MISC:https://github.com/zenml-io/zenml: https://github.com/zenml-io/zenml

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application