CVE-2024-4680 - OpenCVE

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zenml	Zenml

Configuration 1 [-]

cpe:2.3:a:zenml:zenml:0.56.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-08T19:38:31.250Z

Updated: 2024-08-01T20:47:41.348Z

Reserved: 2024-05-09T08:03:08.973Z

Link: CVE-2024-4680

Vulnrichment

Updated: 2024-08-01T20:47:41.348Z

NVD

Status : Analyzed

Published: 2024-06-08T20:15:52.347

Modified: 2024-07-19T18:51:53.003

Link: CVE-2024-4680

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4680", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-05-09T08:03:08.973Z", "datePublished": "2024-06-08T19:38:31.250Z", "dateUpdated": "2024-08-01T20:47:41.348Z"}, "containers": {"cna": {"title": "Insufficient Session Expiration in zenml-io/zenml", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-08T19:38:31.250Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication."}], "affected": [{"vendor": "zenml-io", "product": "zenml-io/zenml", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "baseScore": 3.9, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-613 Insufficient Session Expiration", "cweId": "CWE-613"}]}], "source": {"advisory": "c88f6bd2-490d-4930-98dd-03651b20230a", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "zenmlio", "product": "zenml", "cpes": ["cpe:2.3:a:zenmlio:zenml:0.56.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.56.3", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T20:06:48.632801Z", "id": "CVE-2024-4680", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:48:27.856Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:47:41.348Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:47:41.348Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4680", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T20:06:48.632801Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:zenmlio:zenml:0.56.3:*:*:*:*:*:*:*"], "vendor": "zenmlio", "product": "zenml", "versions": [{"status": "affected", "version": "0.56.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:43:23.052Z"}}], "cna": {"title": "Insufficient Session Expiration in zenml-io/zenml", "source": {"advisory": "c88f6bd2-490d-4930-98dd-03651b20230a", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.9, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "zenml-io", "product": "zenml-io/zenml", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a"}], "descriptions": [{"lang": "en", "value": "A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-08T19:38:31.250Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4680", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:47:41.348Z", "dateReserved": "2024-05-09T08:03:08.973Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-08T19:38:31.250Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zenml:zenml:0.56.3:*:*:*:*:*:*:*", "matchCriteriaId": "50342A08-B715-4C14-BB9E-F6C8D2C6A683", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication."}, {"lang": "es", "value": "Una vulnerabilidad en zenml-io/zenml versi\u00f3n 0.56.3 permite a los atacantes reutilizar credenciales de sesi\u00f3n antiguas o ID de sesi\u00f3n debido a una caducidad insuficiente de la sesi\u00f3n. Espec\u00edficamente, la sesi\u00f3n no expira despu\u00e9s de un cambio de contrase\u00f1a, lo que permite a un atacante mantener el acceso a una cuenta comprometida sin que la v\u00edctima pueda revocar este acceso. Este problema se observ\u00f3 en una implementaci\u00f3n de ZenML autohospedada a trav\u00e9s de Docker, donde despu\u00e9s de cambiar la contrase\u00f1a de un navegador, la sesi\u00f3n permaneci\u00f3 activa y utilizable en otro navegador sin necesidad de volver a autenticarse."}], "id": "CVE-2024-4680", "lastModified": "2024-07-19T18:51:53.003", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 3.4, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-08T20:15:52.347", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking"], "url": "https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "security@huntr.dev", "type": "Primary"}]}