CVE-2024-2083
CRITICAL 9.9
Description
A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.
CVE Details
CVSS v3.1 Score: 9.9
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 4/16/2024
Last Modified: 5/12/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
zenml:zenml
Weaknesses (CWE)
CWE-29
References
https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b (security@huntr.dev)
https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117f (security@huntr.dev)
https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b (af854a3a-2127-422b-91ae-364da2661108)
https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117f (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.