Lucene search
+L

4 matches found

veracode
veracode
added 2024/12/09 7:55 a.m.14 views

Local Privilege Escalation

MLflow is vulnerable to Local Privilege Escalation. The vulnerability is due to excessive directory permissions, allowing a Time-of-Check to Time-of-Use ToCToU attack when the sparkudf MLflow API is called...

7CVSS6.6AI score0.0012EPSS
Exploits0References3Affected Software1
osv
osv
added 2024/11/25 2:15 p.m.18 views

PYSEC-2024-224

Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...

7CVSS7AI score0.0012EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/11/25 1:48 p.m.15 views

CVE-2024-27134 Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf

Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...

7CVSS7.1AI score0.0012EPSS
Exploits0References1
osv
osv
added 2024/11/25 1:48 p.m.8 views

CVE-2024-27134 Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf

Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...

7CVSS5.9AI score0.0012EPSS
Exploits0References4
Rows per page
Query Builder