Vulnerability Information
Vulnerability Title
Insufficient Session Expiration in zenml-io/zenml
Vulnerability Description
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, so an attacker can maintain access to a compromised account and the victim has no way to revoke that access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.
CVSS Information
N/A
Vulnerability Type
Insufficient Session Expiration
Vulnerability Title
ZenML Code Issue Vulnerability
Vulnerability Description
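ZenML is an extensible open-source MLOps framework for creating portable, production-ready machine learning pipelines. ZenML version 0.56.3 contains a code issue vulnerability that stems from insufficient session expiration. An attacker can exploit this vulnerability to reuse old session credentials or session IDs.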
CVSS Information
N/A
Vulnerability Type
N/A