Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Authorization in zenml-io/zenml
Vulnerability Description
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
ZenML 安全漏洞
Vulnerability Description
ZenML是一个可扩展的开源 MLOps 框架,用于创建可移植的、可用于生产的机器学习管道。 ZenML 0.55.3版本存在安全漏洞,该漏洞源于API PUT /api/v1/users/id端点中存在一个不当授权漏洞,允许攻击者修改其他用户的信息从而破坏应用程序的功能和安全性。
CVSS Information
N/A
Vulnerability Type
N/A