CVE-2024-2171

Published: Jun 6, 2024

Modified: Aug 9, 2024

PUBLISHED

CVSS v3.0

3.4

LOW

Description

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.

Vendor	Product	Versions
zenml-io	zenml-io/zenml	affected `unspecified - < 0.56.2`

Weaknesses (CWE)

CWE-79

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

References

https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8

https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-2171

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References