Total
21 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-6977 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 7.5 HIGH |
This vulnerability enables malicious users to read sensitive files on the server. | |||||
CVE-2023-6831 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 8.1 HIGH |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | |||||
CVE-2023-6974 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 9.8 CRITICAL |
A malicious user could use this issue to access internal HTTP(S) servers, and in the worst case (i.e., an AWS instance) it could be abused to get remote code execution on the victim machine. | |||||
CVE-2023-6975 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 9.8 CRITICAL |
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data and model information. | |||||
CVE-2023-6018 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 9.8 CRITICAL |
An attacker can overwrite any file on the server hosting MLflow without any authentication. | |||||
CVE-2023-6015 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 7.5 HIGH |
MLflow allowed arbitrary files to be PUT onto the server. | |||||
CVE-2023-6753 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2024-02-28 | N/A | 8.8 HIGH |
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. | |||||
CVE-2023-6709 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 8.8 HIGH |
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. | |||||
CVE-2023-6014 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 9.8 CRITICAL |
An attacker is able to arbitrarily create an account in MLflow, bypassing any authentication requirement. | |||||
CVE-2023-6909 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 7.5 HIGH |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | |||||
CVE-2023-6976 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 8.8 HIGH |
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. | |||||
CVE-2023-43472 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 7.5 HIGH |
An issue in MLflow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to the REST API. | |||||
CVE-2023-6940 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 8.8 HIGH |
With only one user interaction (downloading a malicious config), attackers can gain full command execution on the victim system. | |||||
CVE-2023-3765 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2024-02-28 | N/A | 10.0 CRITICAL |
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | |||||
CVE-2023-4033 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 7.8 HIGH |
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. | |||||
CVE-2023-30172 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 7.5 HIGH |
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. | |||||
CVE-2023-2356 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 7.5 HIGH |
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | |||||
CVE-2023-1177 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 9.8 CRITICAL |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | |||||
CVE-2023-1176 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 3.3 LOW |
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. | |||||
CVE-2023-2780 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | N/A | 9.8 CRITICAL |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. |