CVE-2024-2083
📋 TL;DR
A directory traversal vulnerability in the zenml-io/zenml repository allows attackers to read arbitrary files on the server by manipulating the 'logs' URI path in API requests. This affects all deployments using vulnerable versions of ZenML with the /api/v1/steps endpoint exposed. Attackers can bypass intended access restrictions to access sensitive files outside the restricted directory.
💻 Affected Systems
- zenml-io/zenml
📦 What is this software?
Zenml by Zenml
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive configuration files, credentials, SSH keys, or other critical system files leading to lateral movement and data exfiltration.
Likely Case
Unauthorized access to sensitive application files, configuration data, and potentially credentials stored in accessible directories.
If Mitigated
Limited to reading files within the intended directory scope with proper input validation and access controls.
🎯 Exploit Status
The vulnerability is simple to exploit with basic HTTP requests containing directory traversal sequences like '../' in the logs path parameter.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 00e934f33a243a554f5f65b80eefd5ea5117367b and later
Vendor Advisory: https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b
Restart Required: Yes
Instructions:
1. Update ZenML to the latest version or at least commit 00e934f33a243a554f5f65b80eefd5ea5117367b. 2. Restart the ZenML server. 3. Verify the fix by testing directory traversal attempts.
🔧 Temporary Workarounds
API Endpoint Restriction
allRestrict access to the /api/v1/steps endpoint using network controls or web application firewall rules.
Input Validation Proxy
allDeploy a reverse proxy that validates and sanitizes all requests to the ZenML API, rejecting any containing directory traversal patterns.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the ZenML server from sensitive systems and limit access to trusted IPs only.
- Deploy a web application firewall (WAF) with rules to block directory traversal patterns in URI paths.
🔍 How to Verify
Check if Vulnerable:
Send a test HTTP request to the /api/v1/steps endpoint with a logs parameter containing directory traversal sequences (e.g., /api/v1/steps?logs=../../../etc/passwd). If the server returns file content outside the intended directory, it's vulnerable.Check Version:
Check the ZenML version or git commit hash. For containerized deployments: docker exec <container> zenml versionVerify Fix Applied:
Repeat the vulnerable test request after patching. The server should return an error or sanitized response instead of file content.📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /api/v1/steps containing patterns like '..', '../', or encoded equivalents in the logs parameter
- Unusual file access patterns from the ZenML process
Network Indicators:
- HTTP 200 responses with file content from requests to /api/v1/steps containing traversal sequences
- Increased outbound data transfer from the ZenML server
SIEM Query:
source="zenml" AND uri_path="/api/v1/steps" AND (uri_query="*..*" OR uri_query="*%2e%2e*")