Create CVE-2024-25723.yaml

passive/cves/2024/CVE-2024-25723.yaml

@@ -0,0 +1,49 @@
+id: CVE-2024-25723
+
+info:
+  name: ZenML ZenML Server - Improper Authentication
+  author: David Botelho Mariano
+  severity: critical
+  description: |
+    ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body.
+  impact: |
+    Successful exploitation could lead to unauthorized access to sensitive data.
+  remediation: |
+    Implement proper authentication mechanisms and ensure access controls are correctly configured.
+  reference:
+    - https://www.zenml.io/blog/critical-security-update-for-zenml-users
+    - https://github.com/zenml-io/zenml
+    - https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2
+    - https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1
+    - https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4
+  classification:
+    epss-score: 0.00045
+    epss-percentile: 0.13559
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: http.favicon.hash:-2028554187
+    fofa-query: body="ZenML"
+  tags: cve,cve2024,passive,auth-bypass,zenml
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/api/v1/info"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "compare_versions(version, '< 0.46.7')"
+          - "!contains_any(version, '0.44.4', '0.43.1', '0.42.2')"
+          - "contains_all(body, 'deployment_type', 'database_type')"
+        condition: and
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        name: version
+        regex:
+          - '"version":"(.*?)"'
+        internal: true