CVE-2024-4311

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 14, 2024

Updated: Nov 15, 2024

CWE ID 79

Summary

CVE-2024-4311: ZenML's version 0.56.4 suffers from an account takeover vulnerability due to insufficient rate-limiting in the password change function. An attacker can attempt multiple password guesses without restriction on the '/api/v1/current-user' endpoint, potentially brute-forcing the current password and seizing control of the user's account. This issue can lead to unauthorized access, compromising the affected account's data and functionality.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mozilla Firefox

Affected Vendors

Mozilla

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xhywGe
https://www.cve.org/CVERecord?id=CVE-2024-4311
https://nvd.nist.gov/vuln/detail/CVE-2024-4311

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Know What Matters

For Customers

For Partners