Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1234 matches found

Github Security Blog
Github Security Blogadded 2024/05/16 9:33 a.m.19 views

MLflow allows low privilege users to delete any artifact

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

5.4CVSS6.9AI score0.00329EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blogadded 2024/05/16 9:33 a.m.22 views

MLflow has a Local File Read/Path Traversal bypass

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS6.7AI score0.43284EPSS
Exploits1References5Affected Software1
NVD
NVDadded 2024/05/16 9:15 a.m.18 views

CVE-2024-4263

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

5.4CVSS5.3AI score0.00329EPSS
Exploits1References2
OSV
OSVadded 2024/05/16 9:15 a.m.7 views

CVE-2024-4263

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

5.4CVSS5.3AI score
Exploits0References2
vulnersOsv
vulnersOsvadded 2024/05/16 9:15 a.m.9 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +163 more potentially affected by CVE-2024-3848 via mlflow (>=0.8.2 <=2.11.3)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-3848 Source advisory: OSV:PYSEC-2024-244...

7.5CVSS7AI score0.43284EPSS
Exploits1
PyPA
PyPAadded 2024/05/16 9:15 a.m.6 views

PYSEC-2024-244

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS6.7AI score0.89716EPSS
Exploits2References5Affected Software1
NVD
NVDadded 2024/05/16 9:15 a.m.15 views

CVE-2024-3848

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.3AI score0.43284EPSS
Exploits1References2
OSV
OSVadded 2024/05/16 9:15 a.m.14 views

PYSEC-2024-244

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.3AI score0.43284EPSS
Exploits1References5
OSV
OSVadded 2024/05/16 9:15 a.m.15 views

CVE-2024-3848

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS6.3AI score
Exploits0References2
vulnersOsv
vulnersOsvadded 2024/05/16 9:15 a.m.4 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +151 more potentially affected by CVE-2024-4263 via mlflow (>=0.8.2 <=2.10.0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-4263 Source advisory: OSV:PYSEC-2024-51...

5.4CVSS6AI score0.00329EPSS
Exploits1
PyPA
PyPAadded 2024/05/16 9:15 a.m.4 views

PYSEC-2024-51

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

5.4CVSS6.7AI score0.00329EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2024/05/16 9:15 a.m.3 views

PYSEC-2024-51

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

5.4CVSS5.9AI score0.00329EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2024/05/16 9:3 a.m.15 views

CVE-2024-4263 Improper Access Control in mlflow/mlflow

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

5.4CVSS6.7AI score0.00329EPSS
Exploits1References2
Cvelist
Cvelistadded 2024/05/16 9:3 a.m.21 views

CVE-2024-4263 Improper Access Control in mlflow/mlflow

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...

5.4CVSS5.6AI score0.00329EPSS
Exploits1References2
CVE
CVEadded 2024/05/16 9:3 a.m.92 views

CVE-2024-4263

CVE-2024-4263 describes a broken access control in mlflow/mlflow prior to 2.10.1, where users with EDIT permissions on an experiment can delete artifacts they should only be able to read/update. The issue stems from insufficient validation of DELETE requests for artifact deletions, enabling unaut...

5.4CVSS6.5AI score0.00329EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2024/05/16 9:3 a.m.30 views

CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.4AI score0.43284EPSS
Exploits1References2
Cvelist
Cvelistadded 2024/05/16 9:3 a.m.39 views

CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.5AI score0.43284EPSS
Exploits1References2
CVE
CVEadded 2024/05/16 9:3 a.m.126 views

CVE-2024-3848

CVE-2024-3848 affects mlflow/mlflow up to version 2.11.0. The path traversal stems from improper handling of the fragment component in artifact URLs, where a ‘#’ can insert a path into the URL fragment and bypass validation, allowing an attacker to read arbitrary files by mapping the URL to a fil...

7.5CVSS7.2AI score0.43284EPSS
Exploits1References2Affected Software1
CNNVD
CNNVDadded 2024/05/16 12:0 a.m.3 views

Mlflow 访问控制错误漏洞

Mlflow is an open source platform for machine learning lifecycles. An access control error vulnerability exists in Mlflow versions prior to 2.10.1 that stems from incorrect access control...

5.4CVSS5.3AI score0.00329EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2024/05/16 12:0 a.m.3 views

PT-2024-30080 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions before 2.10.1 Description: A broken access control issue exists, allowing low privilege users with only EDIT permissions on an experiment to delete any artifacts. This occurs due to the lack of proper validation for...

5.4CVSS5.7AI score0.00329EPSS
Exploits1References9
Rows per page
Query Builder