← Retour aux CVEs
CVE-2024-2383
MEDIUM6.1
Description
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
Details CVE
Score CVSS v3.16.1
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie6/6/2024
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
zenml:zenml
Faiblesses (CWE)
CWE-1021
References
https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9(security@huntr.dev)
https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963(security@huntr.dev)
https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9(af854a3a-2127-422b-91ae-364da2661108)
https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.