Lucene search
HistoryDec 05, 2023 - 7:15 a.m.
CVE-2023-43472
mlflow version
remote attacker
sensitive information
rest api
vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.012 Low
EPSS
Percentile
85.2%
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
Affected configurations
Node
lfprojectsmlflowRange≤2.8.1
Related
cve
cve
CVE-2023-43472
2023-12-05 07:15:07
osv
osv
BIT-mlflow-2023-43472
2024-03-06 10:58:17
Information exposure in MLflow
2023-12-05 09:33:26
CVE-2023-43472
2023-12-05 07:15:07
prion
prion
Design/Logic Flaw
2023-12-05 07:15:00
github
github
Information exposure in MLflow
2023-12-05 09:33:26
cvelist
cvelist
CVE-2023-43472
2023-12-05 00:00:00
nuclei
nuclei
MLFlow < 2.8.1 - Sensitive Information Disclosure
2024-06-07 10:46:45
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.012 Low
EPSS
Percentile
85.2%
Related for NVD:CVE-2023-43472