{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T09:11:16.052","vulnerabilities":[{"cve":{"id":"CVE-2024-2213","sourceIdentifier":"security@huntr.dev","published":"2024-06-06T19:15:53.890","lastModified":"2025-10-15T13:15:42.293","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3."},{"lang":"es","value":"Se descubrió un problema en las versiones de zenml-io/zenml hasta la 0.55.4 incluida. Debido a mecanismos de autenticación inadecuados, un atacante con acceso a una sesión de usuario activa puede cambiar la contraseña de la cuenta sin necesidad de conocer la contraseña actual. Esta vulnerabilidad permite la apropiación no autorizada de cuentas al pasar por alto el proceso estándar de verificación de cambio de contraseña. El problema se solucionó en la versión 0.56.3."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-620"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*","versionEndExcluding":"0.56.3","matchCriteriaId":"0A24ABC9-62F4-4AAF-B7C3-C14F607AD79F"}]}]}],"references":[{"url":"https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48","source":"security@huntr.dev","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]}]}}]}