Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Session Fixation Vulnerability in zenml-io/zenml
Vulnerability Description
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.
CVSS Information
N/A
Vulnerability Type
会话固定
Vulnerability Title
ZenML 授权问题漏洞
Vulnerability Description
ZenML是一个可扩展的开源 MLOps 框架,用于创建可移植的、可用于生产的机器学习管道。 ZenML 0.55.4及之前版本应用程序存在授权问题漏洞,该漏洞源于存在会话固定漏洞,允许攻击者通过重复使用受害者的JWT令牌来绕过身份验证机制。
CVSS Information
N/A
Vulnerability Type
N/A