How severe is CVE-2024-2032?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2024-2032?

This is classified as CWE-366, which is a common weakness in software security.

CVE-2024-2032 - LOW Severity | CVSS 3.1

Vulnerability Description

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications.

Related Vulnerabilities

CVE-2023-4732

MEDIUM

CVSS:4.7(Medium)

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG ...

CWE-3662023

CVE-2015-10067

HIGH

CVSS:8.1(High)

A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulati...

CWE-3662015

CVE-2021-26569

HIGH

CVSS:8.1(High)

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web re...

CWE-3662021

CVE-2024-10630

HIGH

CVSS:7.8(High)

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.

CWE-3662024

CVE-2022-1729

HIGH

CVSS:7.0(High)

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kern...

CWE-3662022

CVE-2023-3218

MEDIUM

CVSS:6.5(Medium)

Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.

CWE-3662023