CVE-2024-2083 Vulnerability Details

  /     /     /  

CVE-2024-2083 Metadata Quick Info

CVE Published: 16/04/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: @huntr_ai | Vendor: zenml-io | Product: zenml-io/zenml
Status : PUBLISHED

CVE-2024-2083 Description

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the \'logs\' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-29
CWE Name: CWE-29 Path Traversal: ..filename
Source: zenml-io

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: