CVE-2025-55795 (CNNVD-202509-4399)
Chinese title:
OpenML Frontend security vulnerability
English title:
The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficie...
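Vulnerability description
Chinese description:
OpenML Frontend is an open-source front-end page for OpenML. OpenML Frontend v2.0.20241110 contains a security vulnerability that stems from incremental user IDs and insufficient email ownership verification, which may allow an attacker to lock a victim out of their account by updating an email address.
English description: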
The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with a higher user ID without proper verification. This results in the victim's email being reassigned to the attacker's account, causing the victim to be locked out immediately and unable to log in. The vulnerability leads to denial of service via account lockout but does not grant the attacker direct access to the victim's private data.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| openml | openml.org | * | - | - | cpe:2.3:a:openml:openml.org:*:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Temporary solution:
CVSS score details
3.1 (adp)
LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Time information
Exploit information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-55795 | 2025-11-11 15:23:29 | 2025-11-11 07:40:44 |
| NVD | nvd_CVE-2025-55795 | 2025-11-11 15:01:04 | 2025-11-11 07:48:31 |
| CNNVD | cnnvd_CNNVD-202509-4399 | 2025-11-11 15:12:59 | 2025-11-11 08:00:14 |
Versions and languages
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> other
- cnnvd_id: not extracted -> CNNVD-202509-4399
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- affected_products_count: 0 -> 1
- data_sources: ['cve'] -> ['cve', 'nvd']