CVE-2024-2083 – A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically …

16 April 2024

Vuln ID: CVE-2024-2083

Published: 2024-04-16 00:15:11.057

Description: A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the ‘logs’ URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.

Base Score: –

Vector:

Source: NVD.NIST.GOV

Date:

16 April 2024

Categorie(s):

NVD

Tag(s):

NVD

London Drugs closes all of its pharmacies following ‘cybersecurity incident’29 April 2024
The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade Smartscreen29 April 2024
What to know about AI at this year’s RSA Conference29 April 2024
Atos: French State Offers Non-Binding Intent to Acquire Cybersecurity and Computing Assets29 April 2024
Stop Managing Identities, Segment them Instead29 April 2024