← Voltar para CVEs
CVE-2024-2171
MEDIUM4.8
Descricao
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.
Detalhes CVE
Pontuacao CVSS v3.14.8
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioREQUIRED
Publicado6/6/2024
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
zenml:zenml
Fraquezas (CWE)
CWE-79
Referencias
https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e(security@huntr.dev)
https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8(security@huntr.dev)
https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e(af854a3a-2127-422b-91ae-364da2661108)
https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.