Description

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
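A defender-side check for the condition described above, as an added example that is not part of the original advisory or ZenML's code. The function names and the sample responses are constructed for illustration, and headers are assumed to arrive as one value per name.

```python
# Decide whether a response's headers stop cross-origin framing.
OPEN_SOURCES = {"*", "http:", "https:"}  # sources that match any origin

def parse_csp(value):
    """Return {directive: [sources]} for one Content-Security-Policy value."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # The first occurrence of a directive is the one that applies.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def framing_verdict(headers):
    """Classify a header mapping as 'protected: ...' or 'frameable: ...'."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ancestors = parse_csp(h.get("content-security-policy", "")).get("frame-ancestors")
    if ancestors is not None:
        # An enforced frame-ancestors directive takes precedence:
        # browsers then ignore X-Frame-Options entirely.
        if any(src.lower() in OPEN_SOURCES for src in ancestors):
            return "frameable: frame-ancestors allows any origin"
        return "protected: frame-ancestors"
    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected: x-frame-options"
    if xfo:
        # e.g. ALLOW-FROM, which current browsers do not honour.
        return "frameable: unsupported X-Frame-Options value"
    report_only = parse_csp(h.get("content-security-policy-report-only", ""))
    if "frame-ancestors" in report_only:
        return "frameable: frame-ancestors is report-only"
    return "frameable: no anti-framing header"

# Constructed sample responses (not captured from any real deployment).
SAMPLES = {
    "no headers": {"Content-Type": "text/html"},
    "hardened": {"X-Frame-Options": "DENY",
                 "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "legacy value": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "CSP overrides XFO": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors *"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'self'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:18} -> {framing_verdict(hdrs)}")
```

Run against a deployment's real response headers, a `frameable` verdict on any UI route corresponds to the missing-header condition this advisory describes.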

INFO

Published Date: 2024-06-06T18:18:29.911Z

Last Modified: 2024-08-01T19:11:53.449Z

Source: @huntr_ai

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-2383 vulnerability.

Vendor: Zenml
Product: Zenml

REFERENCES

Here, you will find a curated list of external links that provide in-depth information about CVE-2024-2383.

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact