Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lack of login attempt rate-limiting in zenml-io/zenml
Vulnerability Description
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
ZenML 安全漏洞
Vulnerability Description
ZenML是ZenML开源的一个可扩展的开源 MLOps 框架,用于创建可移植的、可用于生产的机器学习管道。 ZenML 0.56.4版本存在安全漏洞,该漏洞源于密码更改功能缺乏速率限制,容易受到账户接管攻击。
CVSS Information
N/A
Vulnerability Type
N/A