Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/18 11:48 p.m.21 views

Creation of Temporary File With Insecure Permissions

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions via the...

7.8CVSS7.6AI score0.00215EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/18 8:26 p.m.11 views

CVE-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS7.6AI score0.00193EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.15 views

PT-2026-41733

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.11.0 Description The get or create nfs tmp dir function in mlflow/utils/file utils.py creates temporary directories with world-writable permissions 0o777, and the create model downloading tmp dir function in...

7.8CVSS7.6AI score0.00193EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.8 views

SUSE CVE-2019-16370

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...

5.9CVSS7.8AI score0.01025EPSS
Exploits1References3
Rows per page
Query Builder