CVE-2024-2383 Vulnerability Details

  /     /     /  

CVE-2024-2383 Metadata Quick Info

CVE Published: 06/06/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: @huntr_ai | Vendor: zenml-io | Product: zenml-io/zenml
Status : PUBLISHED

---

CVE-2024-2383 Description

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application\'s failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker\'s control. The issue was addressed in version 0.56.3.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1021
CWE Name: CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Source: zenml-io

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).