9.8
CVE-2023-6014
- EPSS 0.67%
- Published 16.11.2023 21:15:09
- Last modified 21.11.2024 08:42:58
- Source security@huntr.dev
- Teams watchlist Login
- Open Login
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
Data is provided by the National Vulnerability Database (NVD)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.704 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@huntr.dev | 9.1 | 3.9 | 5.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-598 Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.