CVE-2024-2032 - OpenCVE

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zenml	Zenml

Configuration 1 [-]

cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b
https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56

History

Fri, 11 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zenml Zenml zenml
Weaknesses		CWE-362
CPEs		cpe:2.3:a:zenml:zenml::::::::
Vendors & Products		Zenml Zenml zenml
Metrics		cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:49:18.482Z

Updated: 2024-08-01T18:56:22.635Z

Reserved: 2024-02-29T19:13:02.247Z

Link: CVE-2024-2032

Vulnrichment

Updated: 2024-08-01T18:56:22.635Z

NVD

Status : Analyzed

Published: 2024-06-06T19:15:53.060

Modified: 2024-10-11T14:22:36.100

Link: CVE-2024-2032

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2032", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-02-29T19:13:02.247Z", "datePublished": "2024-06-06T18:49:18.482Z", "dateUpdated": "2024-08-01T18:56:22.635Z"}, "containers": {"cna": {"title": "Race Condition Vulnerability in zenml-io/zenml", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:49:18.482Z"}, "descriptions": [{"lang": "en", "value": "A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications."}], "affected": [{"vendor": "zenml-io", "product": "zenml-io/zenml", "versions": [{"version": "unspecified", "lessThan": "0.55.5", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56"}, {"url": "https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L", "baseScore": 3.1, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-366 Race Condition within a Thread", "cweId": "CWE-366"}]}], "source": {"advisory": "6199cd5d-611f-4ea9-96c5-52a952ba5a56", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "zenml-io", "product": "zenml", "cpes": ["cpe:2.3:a:zenml-io:zenml:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.55.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-07T18:33:05.512380Z", "id": "CVE-2024-2032", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T18:37:49.337Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.635Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56", "tags": ["x_transferred"]}, {"url": "https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56", "tags": ["x_transferred"]}, {"url": "https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.635Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2032", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-07T18:33:05.512380Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zenml-io:zenml:*:*:*:*:*:*:*:*"], "vendor": "zenml-io", "product": "zenml", "versions": [{"status": "affected", "version": "0", "lessThan": "0.55.5", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T18:36:17.133Z"}}], "cna": {"title": "Race Condition Vulnerability in zenml-io/zenml", "source": {"advisory": "6199cd5d-611f-4ea9-96c5-52a952ba5a56", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "zenml-io", "product": "zenml-io/zenml", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.55.5", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56"}, {"url": "https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b"}], "descriptions": [{"lang": "en", "value": "A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-366", "description": "CWE-366 Race Condition within a Thread"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:49:18.482Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2032", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:56:22.635Z", "dateReserved": "2024-02-29T19:13:02.247Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-06T18:49:18.482Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8D29AD1-72A6-48F0-97BB-824EB4A40338", "versionEndExcluding": "0.55.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications."}, {"lang": "es", "value": "Existe una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en las versiones de zenml-io/zenml hasta la 0.55.3 incluida, que permite la creaci\u00f3n de m\u00faltiples usuarios con el mismo nombre de usuario cuando las solicitudes se env\u00edan en paralelo. Este problema se solucion\u00f3 en la versi\u00f3n 0.55.5. La vulnerabilidad surge debido al manejo insuficiente de solicitudes simult\u00e1neas de creaci\u00f3n de usuarios, lo que genera inconsistencias en los datos y posibles problemas de autenticaci\u00f3n. Espec\u00edficamente, los procesos simult\u00e1neos pueden sobrescribir o da\u00f1ar los datos del usuario, complicando la identificaci\u00f3n del usuario y planteando riesgos de seguridad. Este problema es particularmente preocupante para las API que dependen de nombres de usuario como par\u00e1metros de entrada, como PUT /api/v1/users/test_race, donde podr\u00eda generar m\u00e1s complicaciones."}], "id": "CVE-2024-2032", "lastModified": "2024-10-11T14:22:36.100", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T19:15:53.060", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b"}, {"source": "security@huntr.dev", "tags": ["Third Party Advisory"], "url": "https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-366"}], "source": "security@huntr.dev", "type": "Secondary"}]}