CVE-2024-2213

LOW Year: 2024
CVSS v3 Score
3.3
Low
Weakness Type
CWE-287
View all →

Vulnerability Description

An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.

Related Vulnerabilities

CVE-2019-20533

LOW
CVSS:3.3(Low)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is S...

CWE-2872019

CVE-2020-9077

LOW
CVSS:3.3(Low)

HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate the application that access a specifie...

CWE-2872020

CVE-2020-9250

LOW
CVSS:3.3(Low)

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient veri...

CWE-2872020

CVE-2021-25341

LOW
CVSS:3.3(Low)

Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.

CWE-2872021

CVE-2021-25342

LOW
CVSS:3.3(Low)

Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.

CWE-2872021

CVE-2021-25343

LOW
CVSS:3.3(Low)

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of...

CWE-2872021