{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T23:53:19.036","vulnerabilities":[{"cve":{"id":"CVE-2024-2260","sourceIdentifier":"security@huntr.dev","published":"2024-04-16T00:15:11.237","lastModified":"2025-06-12T23:48:17.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token."},{"lang":"es","value":"Existe una vulnerabilidad de fijación de sesión en la aplicación zenml-io/zenml, donde los tokens JWT utilizados para la autenticación del usuario no se invalidan al cerrar sesión. Esta falla permite a un atacante eludir los mecanismos de autenticación reutilizando el token JWT de la víctima."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"op
erator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zenml:zenml:*:*:*:*:*:*:*:*","versionEndExcluding":"0.56.2","matchCriteriaId":"B39C79D8-E418-4820-A799-CE4633861C93"}]}]}],"references":[{"url":"https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/2d0856ec-ed73-477a-8ea2-d5d4f15cf167","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.com/bounties/2d0856ec-ed73-477a-8ea2-d5d4f15cf167","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}