4 matches found
CVE-2023-43472
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API...
a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +338 more potentially affected by CVE-2023-43472 via mlflow (>=0.8.2 <=2.8.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-43472 Source advisory: OSV:GHSA-WQXF-447M-6F5F...
CVE-2023-43472
MLFlow before 2.8.1 is affected by CVE-2023-43472. A remote attacker can disclose sensitive information via a crafted request to the MLFlow REST API. Impact described in sources: access to sensitive information stored in MLFlow. Root cause: issue exists in MLFlow 2.8.1 and earlier as stated in th...
CVE-2023-43472
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API...