all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZenML Remote Privilege Escalation

Add to bookmarks
April 8, 2024, 2:15 p.m. |

Packet Storm packetstormsecurity.com

ZenML allows for remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. This is the proof of concept exploit. All ZenML versions below 0.46.7 are vulnerable, with the exception being patched versions 0.44.4, 0.43.1, and 0.42.2.

access api body concept endpoint escalation exploit password privilege privilege escalation proof request rest rest api username valid vulnerable

Visit resource

More from packetstormsecurity.com / Packet Storm

Kemp LoadMaster Unauthenticated Command Injection 20 hours ago | packetstormsecurity.com
authorization command command injection command injection vulnerability +9
Debian Security Advisory 5675-1 20 hours ago | packetstormsecurity.com
advisory arbitrary code chromium code +13
Doctor Appointment Management System 1.0 Cross Site Scripting 20 hours ago | packetstormsecurity.com
cross site scripting management management system scripting +4
Ubuntu Security Notice USN-6744-3 20 hours ago | packetstormsecurity.com
automated buffer buffer overflow file +14
Ubuntu Security Notice USN-6734-2 20 hours ago | packetstormsecurity.com
api attacker crash denial of service +11
Ubuntu Security Notice USN-6733-2 20 hours ago | packetstormsecurity.com
attacker channel ecdsa gnutls +18
Ubuntu Security Notice USN-6718-3 20 hours ago | packetstormsecurity.com
curl dan default disabled +13
Ubuntu Security Notice USN-6729-3 20 hours ago | packetstormsecurity.com
apache attacker attacks chen +16
Ubuntu Security Notice USN-6737-2 20 hours ago | packetstormsecurity.com
attacker crash feature gnu +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Engineer

@ Core10 | Nashville, Tennessee, United States - Remote
View on infosec-jobs.com

Security Operations Engineer I

@ Jamf | US Remote
View on infosec-jobs.com

IT Security ISSO Specialist (15.10)

@ OCT Consulting, LLC | Washington, District of Columbia, United States
View on infosec-jobs.com

Compliance Officer

@ Aspire Software | Canada - Remote
View on infosec-jobs.com

Security Operations Center (SOC) - AVP

@ Paytm | Noida, Uttar Pradesh
View on infosec-jobs.com
View more jobs