Privilege Escalation in User Account Management
A vulnerability in zenml-io/zenml versions up to and including 0.56.3 allows a regular user to escalate their privileges to those of a service account by modifying account properties that the server does not adequately restrict. The issue was patched in version 0.57.0.
Available publicly on Jun 10 2024 | Available with Premium on May 16 2024
Remediation Steps
- Update to zenml-io/zenml version 0.57.0 or later.
- Review and restrict user permissions so that only administrators can modify privileged account properties, such as whether an account is a service account.
- Enforce server-side validation of user-update requests: accept only an allowlist of fields, and reject changes to privileged properties from callers who are not authorized to make them, regardless of what the client submits.
- Regularly audit user accounts and privileges for any irregularities or unauthorized changes.
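The steps above describe the control in general terms. The following is an added illustration written for this page, not code from ZenML or from its patch: it contrasts a user-update handler that writes every submitted field (the class of bug the advisory describes) with a hardened handler that applies a server-side field allowlist, restricts privileged properties to administrators, and records privileged changes for later auditing. The `User` model, the `is_service_account` and `is_admin` flags, the `SELF_EDITABLE` and `ADMIN_ONLY` sets, and all function names are assumptions chosen for the example.

```python
from __future__ import annotations

from dataclasses import dataclass, replace
from typing import Any, Dict, List, Optional


@dataclass(frozen=True)
class User:
    """Minimal account record (assumed shape, not ZenML's model)."""
    id: str
    name: str
    email: str
    is_admin: bool = False
    is_service_account: bool = False  # assumed privileged flag


# Fields any authenticated user may change on their own account (assumed).
SELF_EDITABLE = frozenset({"name", "email"})
# Fields only an administrator may change (assumed); everything else,
# including "id", is read-only through this endpoint.
ADMIN_ONLY = frozenset({"is_service_account", "is_admin"})


class Forbidden(Exception):
    """Raised when the caller is not allowed to make the requested change."""


def update_user_unsafe(caller: User, target: User, changes: Dict[str, Any]) -> User:
    """Vulnerable pattern: writes every submitted field to the account.

    A regular user who includes `is_service_account: true` in their own
    profile update gets the flag set: mass assignment of a privileged
    property, which is the bug class the advisory describes.
    """
    return replace(target, **changes)


def update_user(
    caller: User,
    target: User,
    changes: Dict[str, Any],
    audit: Optional[List[Dict[str, Any]]] = None,
) -> User:
    """Hardened pattern: server-side allowlist scoped by caller privilege.

    1. Reject any field outside the two allowlists (covers "id" and typos).
    2. Non-admins may only modify their own account.
    3. Non-admins may not touch ADMIN_ONLY fields at all.
    4. Every privileged change is recorded for later auditing.
    """
    requested = set(changes)
    unknown = requested - SELF_EDITABLE - ADMIN_ONLY
    if unknown:
        raise Forbidden(f"read-only or unknown fields: {sorted(unknown)}")

    privileged = requested & ADMIN_ONLY
    if not caller.is_admin:
        if caller.id != target.id:
            raise Forbidden("only administrators may modify other accounts")
        if privileged:
            raise Forbidden(f"administrator required for: {sorted(privileged)}")

    updated = replace(target, **changes)
    if audit is not None:
        for field_name in sorted(privileged):
            audit.append({
                "actor": caller.id,
                "target": target.id,
                "field": field_name,
                "old": getattr(target, field_name),
                "new": getattr(updated, field_name),
            })
    return updated


def rejected(caller: User, target: User, changes: Dict[str, Any]) -> bool:
    """True if the hardened endpoint refuses the change (helper for checks)."""
    try:
        update_user(caller, target, changes)
    except Forbidden:
        return True
    return False


def privilege_grants(audit: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Audit helper: entries where a privileged flag went from False to True."""
    return [e for e in audit if e["old"] is False and e["new"] is True]


if __name__ == "__main__":
    # Constructed sample accounts for the demonstration.
    alice = User("u1", "alice", "alice@example.com")
    admin = User("u0", "root", "root@example.com", is_admin=True)
    payload = {"name": "Alice", "is_service_account": True}
    print("unsafe handler sets flag:", update_user_unsafe(alice, alice, payload).is_service_account)
    print("hardened handler rejects:", rejected(alice, alice, payload))
    log: List[Dict[str, Any]] = []
    update_user(admin, alice, {"is_service_account": True}, audit=log)
    print("privilege grants in audit log:", privilege_grants(log))
```

The allowlist is deliberately the only path to the model: a field the server does not name cannot be written at all, so adding a new privileged property later fails closed until someone decides which list it belongs in. The audit entries give the fourth remediation step something concrete to review, namely every transition of a privileged flag and who made it.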
Patch Details
- Fixed Version: 0.57.0
- Patch Commit: https://github.com/zenml-io/zenml/commit/bd397ba71b62175984d8b9d6d7a2eaf043c75576