cbcvebase.
CVE-2024-2260
published 2024-04-16

CVE-2024-2260: A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This…

PriorityP422medium4.2CVSS 3.1
AVNACHPRNUIRSUCLILAN
EPSS
0.43%
34.7th percentile
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.

Affected

5 ranges
VendorProductVersion rangeFixed in
zenml-iozenml-io_zenml>= unspecified < 0.56.20.56.2
zenmlzenml< 0.56.20.56.2
zenmlzenml< 68bcb3ba60cba9729c9713a49c39502d40fb945e68bcb3ba60cba9729c9713a49c39502d40fb945e
zenmlzenml>= 0 < 68bcb3ba60cba9729c9713a49c39502d40fb945e68bcb3ba60cba9729c9713a49c39502d40fb945e
zenmlzenml>= 0 < 0.56.20.56.2

CVSS provenance

nvdv3.14.2MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
nvdv3.04.2MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.