← Volver a CVEs

CVE-2024-2171

MEDIUM

4.8

Descripcion

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.

Detalles CVE

Puntuacion CVSS v3.14.8

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosHIGH

Interaccion usuarioREQUIRED

Publicado6/6/2024

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

zenml:zenml

Debilidades (CWE)

CWE-79

Referencias

https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e(security@huntr.dev)

https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8(security@huntr.dev)

https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e(af854a3a-2127-422b-91ae-364da2661108)

https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.