CVE-2024-2083

CRITICAL Year: 2024
CVSS v3 Score
9.9
Critical
Weakness Type
CWE-29
View all →

Vulnerability Description

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.

Related Vulnerabilities

CVE-2023-1177

CRITICAL
CVSS:9.8(Critical)

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

CWE-292023

CVE-2023-2780

CRITICAL
CVSS:9.8(Critical)

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

CWE-292023

CVE-2023-6975

CRITICAL
CVSS:9.8(Critical)

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.

CWE-292023

CVE-2023-6977

CRITICAL
CVSS:10.0(Critical)

This vulnerability enables malicious users to read sensitive files on the server.

CWE-292023

CVE-2024-2358

CRITICAL
CVSS:9.8(Critical)

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-...

CWE-292024

CVE-2024-2360

CRITICAL
CVSS:9.8(Critical)

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path'...

CWE-292024