A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
References
Link | Resource |
---|---|
https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9 | Patch |
https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
History
11 Oct 2024, 15:11
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:* | |
First Time |
Zenml
Zenml zenml |
|
References | () https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9 - Patch | |
References | () https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963 - Exploit, Issue Tracking, Patch, Third Party Advisory |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 19:15
Updated : 2024-10-11 15:11
NVD link : CVE-2024-2383
Mitre link : CVE-2024-2383
CVE.ORG link : CVE-2024-2383
JSON object : View
Products Affected
zenml
- zenml
CWE
CWE-1021
Improper Restriction of Rendered UI Layers or Frames