GHSA-9x88-4jg8-4vf7

Source

https://github.com/advisories/GHSA-9x88-4jg8-4vf7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-9x88-4jg8-4vf7/GHSA-9x88-4jg8-4vf7.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-9x88-4jg8-4vf7

Aliases

CVE-2024-2035

Published

2024-06-06T21:30:36Z

Modified

2024-06-06T22:42:23.145443Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

Improper authorization in zenml

Details

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application.

Database specific

{
    "nvd_published_at": "2024-06-06T19:15:53Z",
    "cwe_ids": [
        "CWE-1220"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-06T22:21:21Z"
}

References

Affected packages

PyPI / zenml

Package

Name: zenml; View open source insights on deps.dev
Purl: pkg:pypi/zenml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.56.2

Affected versions

0.*

0.0.1rc1

0.0.1rc2

0.1.0

0.1.1

0.1.2

0.1.3rc0

0.1.3

0.1.4

0.1.5

0.2.0rc1

0.2.0rc2

0.2.0

0.3.1rc0

0.3.1

0.3.2

0.3.3rc0

0.3.3

0.3.4rc0

0.3.4

0.3.5rc0

0.3.5

0.3.6rc0

0.3.6

0.3.6.1

0.3.7rc0

0.3.7

0.3.7.1rc0

0.3.7.1rc1

0.3.7.1rc3

0.3.7.1rc4

0.3.8

0.3.9rc1

0.3.9rc2

0.5.0rc1

0.5.0rc2

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.5.6

0.5.7

0.6.0

0.6.1

0.6.2

0.6.3

0.7.0

0.7.1

0.7.2

0.7.3

0.8.0

0.8.1rc0

0.8.1

0.9.0

0.10.0

0.11.0

0.12.0

0.13.0

0.13.1

0.13.2

0.20.0rc1

0.20.0

0.20.1

0.20.2

0.20.3

0.20.4

0.20.5

0.21.0

0.21.1

0.22.0

0.23.0

0.30.0rc0

0.30.0rc1

0.30.0rc2

0.30.0rc3

0.30.0

0.31.0

0.31.1

0.32.0

0.32.1

0.33.0

0.34.0

0.35.0

0.35.1

0.36.0

0.36.1

0.37.0

0.38.0

0.39.0

0.39.1

0.40.0

0.40.1

0.40.2

0.40.3

0.41.0

0.42.0

0.42.1

0.42.2

0.43.0

0.43.1

0.44.0

0.44.1

0.44.2

0.44.3

0.44.4

0.45.0

0.45.1

0.45.2

0.45.3

0.45.4

0.45.5

0.45.6

0.46.0

0.46.1

0.47.0

0.50.0

0.51.0

0.52.0

0.53.0

0.53.1

0.54.0

0.54.1

0.55.0

0.55.1

0.55.2

0.55.3

0.55.4

0.55.5

0.56.0

0.56.1