Home > Vulnerability Database > CVE-2024-2083

Mend.io Vulnerability Database

CVE-2024-2083

Good to know:

Date: April 15, 2024

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.

Language: Python

Severity Score

9.9

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-2083

Url: https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b

Url: https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117f

Url: https://github.com/zenml-io/zenml

Url: https://www.mend.io/vulnerability-database/CVE-2024-2083

Severity Score

9.9

Weakness Type (CWE)

Path Traversal: '..filename'

CWE-29

Top Fix

Upgrade Version

Upgrade to version zenml - 0.55.5

Learn More

CVSS v3.1

Base Score:	9.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-2083

Good to know:

Date: April 15, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?