CVE-2024-2383
Published: 2024-06-06
Priority: P429 medium
CVSS 3.1: 6.1 (AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N)
EPSS: 0.35% (27.3th percentile)
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zenml-io | zenml-io_zenml | >= unspecified < 0.56.3 | 0.56.3 |
| zenml | zenml | < 0.56.3 | 0.56.3 |
| zenml | zenml | < f863fde1269bc355951f8cfc826c0244d88ad5e9 | f863fde1269bc355951f8cfc826c0244d88ad5e9 |
| zenml | zenml | >= 0 < 0.56.3 | 0.56.3 |
| zenml | zenml | >= 0 < f863fde1269bc355951f8cfc826c0244d88ad5e9 | f863fde1269bc355951f8cfc826c0244d88ad5e9 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | 3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
GHSA (2024-06-06): Clickjacking in zenml, CVE-2024-2383 [MEDIUM], CWE-1021
OSV (2024-06-06): CVE-2024-2383, same description as above
OSV (2024-06-06): Clickjacking in zenml, CVE-2024-2383 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-06-06