Lucene search
MitreCVE-2023-30172HistoryMay 11, 2023 - 2:15 a.m.
CVE-2023-30172
2023-05-1102:15:08
CWE-22
mitre
web.nvd.nist.gov
39
directory traversal
get-artifact
mlflow
api
vulnerability
nvd
cve-2023-30172
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
44.0%
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
Affected configurations
Node
lfprojectsmlflowRange<2.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lfprojects | mlflow | * | cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* |
Related
veracode
veracode
Path Traversal
2023-05-18 02:26:15
prion
prion
Directory traversal
2023-05-11 02:15:00
osv
osv
PYSEC-2023-70
2023-05-11 02:15:00
BIT-mlflow-2023-30172
2024-03-06 10:58:44
CVE-2023-30172
2023-05-11 02:15:08
github
github
mflow vulnerable to directory traversal
2023-05-11 03:30:15
cvelist
cvelist
CVE-2023-30172
2023-05-11 00:00:00
nvd
nvd
CVE-2023-30172
2023-05-11 02:15:08
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
44.0%
Related for CVE-2023-30172