CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1231 matches found

NVD•added 2024/05/16 9:15 a.m.•17 views

CVE-2024-4263

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

5.4CVSS5.3AI score0.00329EPSS

Exploits1References2

vulnersOsv•added 2024/05/16 9:15 a.m.•3 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +163 more potentially affected by CVE-2024-3848 via mlflow (>=0.8.2 <=2.11.3)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-3848 Source advisory: OSV:PYSEC-2024-244...

7.5CVSS7AI score0.43284EPSS

Exploits1

PyPA•added 2024/05/16 9:15 a.m.•5 views

PYSEC-2024-244

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS6.7AI score0.89716EPSS

Exploits2References5Affected Software1

OSV•added 2024/05/16 9:15 a.m.•15 views

CVE-2024-3848

7.5CVSS6.3AI score

Exploits0References2

OSV•added 2024/05/16 9:15 a.m.•10 views

PYSEC-2024-244

7.5CVSS7.3AI score0.43284EPSS

Exploits1References5

NVD•added 2024/05/16 9:15 a.m.•13 views

CVE-2024-3848

7.5CVSS7.3AI score0.43284EPSS

Exploits1References2

vulnersOsv•added 2024/05/16 9:15 a.m.•0 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +151 more potentially affected by CVE-2024-4263 via mlflow (>=0.8.2 <=2.10.0)

5.4CVSS6AI score0.00329EPSS

Exploits1

PyPA•added 2024/05/16 9:15 a.m.•4 views

PYSEC-2024-51

5.4CVSS6.7AI score0.00329EPSS

Exploits1References3Affected Software1

OSV•added 2024/05/16 9:15 a.m.•2 views

PYSEC-2024-51

5.4CVSS5.9AI score0.00329EPSS

Exploits1References3

Cvelist•added 2024/05/16 9:3 a.m.•21 views

CVE-2024-4263 Improper Access Control in mlflow/mlflow

5.4CVSS5.6AI score0.00329EPSS

Exploits1References2

Vulnrichment•added 2024/05/16 9:3 a.m.•14 views

CVE-2024-4263 Improper Access Control in mlflow/mlflow

5.4CVSS6.7AI score0.00329EPSS

Exploits1References2

CVE•added 2024/05/16 9:3 a.m.•87 views

CVE-2024-4263

CVE-2024-4263 describes a broken access control in mlflow/mlflow prior to 2.10.1, where users with EDIT permissions on an experiment can delete artifacts they should only be able to read/update. The issue stems from insufficient validation of DELETE requests for artifact deletions, enabling unaut...

5.4CVSS6.5AI score0.00329EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2024/05/16 9:3 a.m.•30 views

CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow

7.5CVSS7.4AI score0.43284EPSS

Exploits1References2

Cvelist•added 2024/05/16 9:3 a.m.•35 views

CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow

7.5CVSS7.5AI score0.43284EPSS

Exploits1References2

CVE•added 2024/05/16 9:3 a.m.•121 views

CVE-2024-3848

CVE-2024-3848 affects mlflow/mlflow up to version 2.11.0. The path traversal stems from improper handling of the fragment component in artifact URLs, where a ‘#’ can insert a path into the URL fragment and bypass validation, allowing an attacker to read arbitrary files by mapping the URL to a fil...

7.5CVSS7.2AI score0.43284EPSS

Exploits1References2Affected Software1

CNNVD•added 2024/05/16 12:0 a.m.•3 views

Mlflow 访问控制错误漏洞

Mlflow is an open source platform for machine learning lifecycles. An access control error vulnerability exists in Mlflow versions prior to 2.10.1 that stems from incorrect access control...

5.4CVSS5.3AI score0.00329EPSS

Exploits1References3

Positive Technologies•added 2024/05/16 12:0 a.m.•5 views

PT-2024-28025 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 2.11.0 Description: A path traversal issue exists due to insufficient validation of the fragment portion of artifact URLs. An attacker can exploit this by inserting a '' character into the URL fragment, allowing them to...

7.5CVSS7.7AI score0.43284EPSS

Exploits1References9

CNNVD•added 2024/05/16 12:0 a.m.•4 views

Mlflow 安全漏洞

Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow version 2.11.0, which stems from insufficient validation of the fragment portion of a URL, leading to the reading of arbitrary files via path traversal...

7.5CVSS7.5AI score0.43284EPSS

Exploits1References3

Positive Technologies•added 2024/05/16 12:0 a.m.•2 views

PT-2024-30080 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions before 2.10.1 Description: A broken access control issue exists, allowing low privilege users with only EDIT permissions on an experiment to delete any artifacts. This occurs due to the lack of proper validation for...

5.4CVSS5.7AI score0.00329EPSS

Exploits1References9

CNVD•added 2024/04/19 12:0 a.m.•6 views

Mlflow Path Traversal Vulnerability

Mlflow is an open source platform for the machine learning lifecycle. Mlflow suffers from a path traversal vulnerability that stems from improper handling of URL parameters. An attacker can use this vulnerability to gain access to a file or directory...

7.5CVSS6.9AI score0.00695EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by