CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1231 matches found

OSV•added 2023/03/24 3:15 p.m.•1 views

PYSEC-2023-28

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...

5.3CVSS5.9AI score0.00578EPSS

Exploits1References4

OSV•added 2023/03/24 3:15 p.m.•3 views

PYSEC-2023-29

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1...

9.8CVSS5.5AI score0.69468EPSS

Exploits2References5

Vulnrichment•added 2023/03/24 12:0 a.m.•6 views

CVE-2023-1177 Path Traversal: '\..\filename' in mlflow/mlflow

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1...

9.3CVSS9.5AI score0.69468EPSS

Exploits2References2

Vulnrichment•added 2023/03/24 12:0 a.m.•9 views

CVE-2023-1176 Absolute Path Traversal in mlflow/mlflow

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...

5.3CVSS3.9AI score0.00578EPSS

Exploits1References2

CNNVD•added 2023/03/24 12:0 a.m.•4 views

Mlflow 路径遍历漏洞

Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow versions prior to 2.2.1 that stems from the presence of a path traversal vulnerability...

9.8CVSS8.2AI score0.69468EPSS

Exploits2References4

CNNVD•added 2023/03/24 12:0 a.m.•3 views

Mlflow 安全漏洞

Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow versions prior to 2.2.2 that stems from the presence of an absolute path traversal vulnerability...

5.3CVSS5.2AI score0.00578EPSS

Exploits1References3

OSV•added 2023/03/24 12:0 a.m.•19 views

CVE-2023-1177 Path Traversal: '\..\filename' in mlflow/mlflow

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1...

9.3CVSS9.4AI score0.69468EPSS

Exploits2References4

Cvelist•added 2023/03/24 12:0 a.m.•21 views

CVE-2023-1177 Path Traversal: '\..\filename' in mlflow/mlflow

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1...

9.3CVSS9.7AI score0.69468EPSS

Exploits2References2

CVE•added 2023/03/24 12:0 a.m.•90 views

CVE-2023-1176

The CVE affects the open source MLflow project mlflow/mlflow prior to version 2.2.2 (ABSOLUTE PATH TRAVERSAL). Documented in multiple sources, the vulnerability allows an attacker to traverse the filesystem to access arbitrary files on the host via the mlflow server/ui workflow (attack vector: LO...

5.3CVSS3.9AI score0.00578EPSS

Exploits1References2Affected Software1

Cvelist•added 2023/03/24 12:0 a.m.•36 views

CVE-2023-1176 Absolute Path Traversal in mlflow/mlflow

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...

5.3CVSS4.2AI score0.00578EPSS

Exploits1References2

CVE•added 2023/03/24 12:0 a.m.•163 views

CVE-2023-1177

CVE-2023-1177 is a path traversal / local-file-inclusion vulnerability in mlflow/mlflow prior to 2.2.1. Affects the MLflow server endpoints handling model-versions and artifacts (e.g., GET /model-versions/get-artifact) where a crafted path can disclose files outside the intended directory. Concre...

9.8CVSS9.4AI score0.69468EPSS

In wildExploits2References2Affected Software1

Positive Technologies•added 2023/03/24 12:0 a.m.•4 views

PT-2023-16800 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 2.2.2 Description: The issue is related to an Absolute Path Traversal in the GitHub repository mlflow/mlflow. Recommendations: For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue...

5.3CVSS4.4AI score0.00578EPSS

Exploits1References13

OSV•added 2023/03/24 12:0 a.m.•27 views

CVE-2023-1176 Absolute Path Traversal in mlflow/mlflow

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...

5.3CVSS5AI score0.00578EPSS

Exploits1References4

Huntr•added 2023/03/03 10:14 p.m.•42 views

Blind LFI in register-model/get?name=

Description A blind LFI exists in /ajax-api/2.0/mlflow/registered-models/get?name= The response from the server is different depending on if the file exists on the local file system or not. When the arbitrary local file exists, the server responds with 500 INTERNAL SERVER ERROR and when it doesn'...

1.7CVSS4.7AI score0.00578EPSS

Exploits1

Huntr•added 2023/03/03 5:15 p.m.•29 views

LFI/RFI in MLflow

Description Local and Remote File Include in MLflow Proof of Concept Start the server or UI it works on both identically bash mlflow ui --host 127.0.0.1:5001 Create a model bash curl -i -s -k -X $'POST' \ -H $'Host: 127.0.0.1:5001' -H $'User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...

7.5CVSS8.9AI score0.69468EPSS

Exploits2

Veracode•added 2022/02/24 10:8 a.m.•31 views

Information Disclosure

mlflow is vulnerable to information disclosure. The vulnerability exists due to lack of sanitization in the tempfile.mktemp' function in fileutils.pyfile allows to create same name temporary files in a different process...

7.5CVSS1.8AI score0.01551EPSS

Exploits1References4Affected Software1

OSV•added 2022/02/24 12:0 a.m.•4 views

GHSA-VQJ2-4V8M-8VRQ Insecure Temporary File in mlflow

mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function tempfile.mktemp is deprecated and mkstemp should be used instead...

8.8CVSS7.1AI score0.01551EPSS

Exploits1References6

Github Security Blog•added 2022/02/24 12:0 a.m.•32 views

Insecure Temporary File in mlflow

mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function tempfile.mktemp is deprecated and mkstemp should be used instead...

8.2CVSS2.2AI score0.01551EPSS

Exploits1References5Affected Software1

vulnersOsv•added 2022/02/24 12:0 a.m.•3 views

autorad (=0.1.2), azureml-contrib-run (>=1.0.18.2 <=1.0.41) +48 more potentially affected by CVE-2022-0736 via mlflow (>=0.8.2 <=1.23.0)

mlflow PYPI version =0.8.2, =1.0.18.2, =1.4.0, =3.0.0, =0.0.4, =0.1.3, =0.0.8, =0.0.1, =0.4.5, =1.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2022-0736 Source advisory: OSV:GHSA-VQJ2-4V8M-8VRQ...

8.2CVSS7.1AI score0.01551EPSS

Exploits1