CVE-2024-2035

CVSS v3 Score: 6.5 (Medium)

Vulnerability Description

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application.
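The missing check described above, shown as an added example (not ZenML's code and not its actual fix): a user-update handler that only verifies the caller is authenticated, next to one that enforces object-level and field-level authorization. The `User` model, the in-memory `db`, and all function and field names other than `active` are hypothetical.

```python
from dataclasses import dataclass, replace

# Constructed sample model; all names here are hypothetical, not ZenML's.
@dataclass(frozen=True)
class User:
    id: str
    name: str
    is_admin: bool = False
    active: bool = True

class Forbidden(Exception):
    """Would map to HTTP 403 in a real handler."""

# Fields only an administrator may change, even on their own account.
PRIVILEGED_FIELDS = {"active", "is_admin"}
ALLOWED_FIELDS = {"name"} | PRIVILEGED_FIELDS

def update_user_vulnerable(db, caller_id, target_id, changes):
    # Flawed pattern: the caller is authenticated (exists and is active),
    # but nothing ties the caller to the record being modified.
    caller = db[caller_id]
    if not caller.active:
        raise Forbidden("inactive caller")
    db[target_id] = replace(db[target_id], **changes)
    return db[target_id]

def update_user_hardened(db, caller_id, target_id, changes):
    caller = db[caller_id]
    if not caller.active:
        raise Forbidden("inactive caller")
    unknown = set(changes) - ALLOWED_FIELDS
    if unknown:
        raise ValueError(f"unsupported fields: {sorted(unknown)}")
    # Object-level check: non-admins may only edit their own record.
    if not caller.is_admin and caller_id != target_id:
        raise Forbidden("cannot modify another user")
    # Field-level check: status and role changes need admin rights.
    if not caller.is_admin and PRIVILEGED_FIELDS & set(changes):
        raise Forbidden("privileged field")
    db[target_id] = replace(db[target_id], **changes)
    return db[target_id]

def sample_db():
    # Constructed sample data: one admin, one regular user.
    users = (User("u1", "alice", is_admin=True), User("u2", "bob"))
    return {u.id: u for u in users}
```

A regression test for this class of bug should call the update path as a non-admin against an admin's id and assert both the rejection and that the stored record is unchanged.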

CVSS:6.5(Medium)

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

CVSS:6.5(Medium)

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control...

CVSS:6.5(Medium)

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

CVSS:6.5(Medium)

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as ...

CVSS:6.5(Medium)

Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow an authenticated user to potentially enable denial of service via local access.

CVSS:6.6(Medium)

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker wi...