Lucene search
MitreCVE-2023-43472HistoryDec 05, 2023 - 7:15 a.m.
CVE-2023-43472
2023-12-0507:15:07
mitre
web.nvd.nist.gov
15
mlflow
security
vulnerability
cve-2023-43472
rest api
information security
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.1
Confidence
High
EPSS
0.014
Percentile
86.5%
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
Affected configurations
Node
lfprojectsmlflowRange≤2.8.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lfprojects | mlflow | * | cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* |
Related
osv
osv
BIT-mlflow-2023-43472
2024-03-06 10:58:17
Information exposure in MLflow
2023-12-05 09:33:26
CVE-2023-43472
2023-12-05 07:15:07
prion
prion
Design/Logic Flaw
2023-12-05 07:15:00
cvelist
cvelist
CVE-2023-43472
2023-12-05 00:00:00
nuclei
nuclei
MLFlow < 2.8.1 - Sensitive Information Disclosure
2024-06-07 10:46:45
nvd
nvd
CVE-2023-43472
2023-12-05 07:15:07
github
github
Information exposure in MLflow
2023-12-05 09:33:26
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.1
Confidence
High
EPSS
0.014
Percentile
86.5%
Related for CVE-2023-43472