← Zuruck zu CVEs

CVE-2024-2383

MEDIUM

6.1

Beschreibung

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.

CVE Details

CVSS v3.1 Bewertung6.1

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht6/6/2024

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

zenml:zenml

Schwachen (CWE)

CWE-1021

Referenzen

https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9(security@huntr.dev)

https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963(security@huntr.dev)

https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9(af854a3a-2127-422b-91ae-364da2661108)

https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.