Moderate severityNVD Advisory· Published Apr 16, 2024· Updated Aug 1, 2024
Session Fixation Vulnerability in zenml-io/zenml
CVE-2024-2260
Description
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
zenmlPyPI | < 0.56.2 | 0.56.2 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-g3r5-72hf-p7p2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-2260ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-254.yamlghsaWEB
- github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945eghsaWEB
- huntr.com/bounties/2d0856ec-ed73-477a-8ea2-d5d4f15cf167ghsaWEB
News mentions
0No linked articles in our index yet.