How severe is CVE-2024-4680?

This vulnerability has a severity rating of LOW with a CVSS score of 3.9 out of 10.

What type of vulnerability is CVE-2024-4680?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2024-4680 - LOW Severity | CVSS 3.9

Vulnerability Description

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.

Related Vulnerabilities

CVE-2023-40732

LOW

CVSS:3.9(Low)

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an at...

CWE-6132023

CVE-2020-4995

MEDIUM

CVSS:4.0(Medium)

IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 1...

CWE-6132020

CVE-2020-6197

LOW

CVSS:3.8(Low)

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download t...

CWE-6132020

CVE-2021-29868

MEDIUM

CVSS:4.0(Medium)

IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.

CWE-6132021

CVE-2023-4005

LOW

CVSS:3.8(Low)

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.

CWE-6132023

CVE-2019-3867

MEDIUM

CVSS:4.1(Medium)

A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's cont...

CWE-6132019