CVE-2023-43472
- EPSS 78.54%
- Published 05.12.2023 07:15:07
- Last modified 21.11.2024 08:24:07
An issue in MLflow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to the REST API.
CVE-2023-6014
- EPSS 0.67%
- Published 16.11.2023 21:15:09
- Last modified 21.11.2024 08:42:58
An attacker is able to arbitrarily create an account in MLflow, bypassing any authentication requirement.
CVE-2023-6018
- EPSS 89.57%
- Published 16.11.2023 16:15:34
- Last modified 21.11.2024 08:42:59
An attacker can overwrite any file on the server hosting MLflow without any authentication.
CVE-2023-6015
- EPSS 0.77%
- Published 16.11.2023 16:15:34
- Last modified 21.11.2024 08:42:59
MLflow allowed arbitrary files to be PUT onto the server.
CVE-2023-4033
- EPSS 0.2%
- Published 01.08.2023 01:15:10
- Last modified 21.11.2024 08:34:15
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
- EPSS 92.79%
- Published 19.07.2023 01:15:10
- Last modified 21.11.2024 08:18:00
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
CVE-2023-2780
- EPSS 86.16%
- Published 17.05.2023 21:15:09
- Last modified 21.11.2024 07:59:16
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
CVE-2023-30172
- EPSS 0.45%
- Published 11.05.2023 02:15:08
- Last modified 27.01.2025 17:15:12
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
CVE-2023-2356
- EPSS 82.84%
- Published 28.04.2023 00:15:08
- Last modified 21.11.2024 07:58:27
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
CVE-2023-1177
- EPSS 93.24%
- Published 24.03.2023 15:15:10
- Last modified 21.11.2024 07:38:36
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.