PT-2024-18737 · Zenml · Zenml

Published 2024-04-15 · Updated 2025-05-12 · CVE-2024-2083

CVSS v3.1 9.9 Critical

Vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: zenml-io/zenml (affected versions not specified)

Description: A directory traversal vulnerability exists in the "/api/v1/steps" endpoint. An attacker can manipulate the logs URI path to read the contents of arbitrary files, bypassing access restrictions. The root cause is the absence of validation for directory traversal patterns in the supplied path, which allows access to files outside the intended logs directory.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
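The kind of containment check whose absence the description refers to, as an added illustration (this is not ZenML's code; the logs root directory and the sample URIs are assumed and constructed):

```python
import posixpath
from typing import Optional

# Directory the server is allowed to serve step logs from (assumed value).
LOGS_ROOT = "/var/zenml/artifacts"


def resolve_log_uri(logs_root: str, requested_uri: str) -> Optional[str]:
    """Return the absolute path to serve, or None if the request escapes logs_root.

    The client-supplied logs URI is normalised (collapsing '.' and '..')
    and then required to stay inside logs_root before any file is opened.
    """
    root = posixpath.normpath(logs_root)
    # A logs URI must be relative to the root; absolute paths are rejected.
    if posixpath.isabs(requested_uri):
        return None
    # NUL bytes can truncate the path in lower-level C APIs; reject them.
    if "\x00" in requested_uri:
        return None
    candidate = posixpath.normpath(posixpath.join(root, requested_uri))
    # Containment: the candidate must be the root itself or lie strictly below it.
    # The trailing "/" avoids the prefix bug where "/root_evil/x" passes a bare
    # startswith("/root") test.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    # On a real filesystem, additionally apply os.path.realpath() to both sides
    # before comparing, so symlinks inside logs_root cannot point outside it.
    return candidate
```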

Exploit

Weakness Enumeration

Related Identifiers

CVE-2024-2083
GHSA-6H3F-43VQ-53HJ
PYSEC-2024-247

Affected Products

Zenml