How severe is CVE-2024-4311?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-4311?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2024-4311 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account.

Related Vulnerabilities

CVE-2017-2613

MEDIUM

CVSS:5.4(Medium)

jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could...

CWE-7702017

CVE-2022-35221

MEDIUM

CVSS:5.4(Medium)

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread sub...

CWE-7702022

CVE-2023-46130

MEDIUM

CVSS:5.4(Medium)

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components al...

CWE-7702023

CVE-2017-0771

MEDIUM

CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.

CWE-7702017

CVE-2017-12144

MEDIUM

CVSS:5.5(Medium)

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

CWE-7702017

CVE-2017-13716

MEDIUM

CVSS:5.5(Medium)

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application cra...

CWE-7702017