Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Authentication in zenml-io/zenml
Vulnerability Description
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.
CVSS Information
N/A
Vulnerability Type
未经验证的口令修改
Vulnerability Title
ZenML 授权问题漏洞
Vulnerability Description
ZenML是一个可扩展的开源 MLOps 框架,用于创建可移植的、可用于生产的机器学习管道。 ZenML 0.55.4 及以下版本存在授权问题漏洞,该漏洞源于份验证机制不当,从而导致攻击者可未经授权接管帐户。
CVSS Information
N/A
Vulnerability Type
N/A