5 matches found
CVE-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
CVE-2023-30172
creationtimestamp| type| source ---|---|--- 2023-05-11 07:14:59+00:00| seen| https://t.me/cibsecurity/63857...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +143 more potentially affected by CVE-2023-30172 via mlflow (>=0.8.2 <=1.9.1)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.3.5, =0.8.0, =0.0.4, =0.0.7 and more Source cves: CVE-2023-30172 Source advisory: OSV:GHSA-WC6J-5G83-XFM6...
CVE-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
CVE-2023-30172
CVE-2023-30172 describes a directory traversal in the mlflow platform’s /get-artifact API, allowing an attacker to read arbitrary server files via the path parameter. Affected: mlflow up to v2.0.1. Underlying cause: directory traversal in the get-artifact endpoint. Impact is high on confidentiali...