Vulnerability Description
A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zenml | Zenml | < 0.55.5 |
Related Weaknesses (CWE)
References
- https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367PatchThird Party Advisory
- https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117fExploitIssue TrackingThird Party Advisory
- https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367PatchThird Party Advisory
- https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117fExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2024-2083?
CVE-2024-2083 is a vulnerability with a CVSS score of 9.9 (CRITICAL). A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI pat...
How severe is CVE-2024-2083?
CVE-2024-2083 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-2083?
Check the references section above for vendor advisories and patch information. Affected products include: Zenml Zenml.