Lucene search
GoogleOSV:BIT-MLFLOW-2023-43472HistoryMar 06, 2024 - 10:58 a.m.
BIT-mlflow-2023-43472
2024-03-0610:58:17
Google
osv.dev
2
mlflow
vulnerability
remote attacker
sensitive information
rest api
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.2%
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
Related
cve
cve
CVE-2023-43472
2023-12-05 07:15:07
osv
osv
Information exposure in MLflow
2023-12-05 09:33:26
CVE-2023-43472
2023-12-05 07:15:07
prion
prion
Design/Logic Flaw
2023-12-05 07:15:00
nvd
nvd
CVE-2023-43472
2023-12-05 07:15:07
github
github
Information exposure in MLflow
2023-12-05 09:33:26
cvelist
cvelist
CVE-2023-43472
2023-12-05 00:00:00
nuclei
nuclei
MLFlow < 2.8.1 - Sensitive Information Disclosure
2024-06-07 10:46:45
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.2%
Related for OSV:BIT-MLFLOW-2023-43472