CVE-2024-2260

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-2260
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-2260.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-2260
Aliases
Published
2024-04-16T00:15:11Z
Modified
2024-10-12T11:18:39.474757Z
Summary
[none]
Details

A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.

References

Affected packages

Git / github.com/zenml-io/zenml

Affected ranges

Type
GIT
Repo
https://github.com/zenml-io/zenml
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.1.3rc0
0.1.4
0.1.5
0.10.0
0.11.0
0.12.0
0.13.0
0.13.1
0.13.2
0.2.0
0.2.0rc1
0.2.0rc2
0.20.3
0.20.5
0.21.0
0.21.1
0.22.0
0.23.0
0.3.0
0.3.1
0.3.1rc0
0.3.2
0.3.3
0.3.3rc0
0.3.4
0.3.4rc0
0.3.5
0.3.5rc0
0.3.6
0.3.6.1
0.3.6rc0
0.3.7
0.3.7.1rc0
0.3.7.1rc1
0.3.7.1rc2
0.3.7.1rc3
0.3.7.1rc4
0.3.7.1rc5
0.3.7rc0
0.3.8
0.3.9rc1
0.3.9rc2
0.30.0
0.31.0
0.31.1
0.32.0
0.32.1
0.33.0
0.34.0
0.35.0
0.35.1
0.36.1
0.37.0
0.38.0
0.39.0
0.39.1
0.40.0
0.40.1
0.40.2
0.41.0
0.42.0
0.43.0
0.44.0
0.44.1
0.44.2
0.44.3
0.45.0
0.45.1
0.45.2
0.45.3
0.45.4
0.45.5
0.45.6
0.46.1
0.47.0
0.5.0
0.5.0rc1
0.5.0rc2
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.54.0
0.54.1
0.55.0
0.55.1
0.55.2
0.55.4
0.55.5
0.56.0
0.56.1
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.8.1
0.8.1rc0
0.9.0