Mlflow Security Vulnerabilities - CVSS Score 9 - 10

CVE-2023-1177

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

9.8 CVSS

9.3 AI Score

0.279 EPSS

2023-03-24 03:15 PM
91

CVE-2023-2780

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

9.8 CVSS

9.4 AI Score

0.033 EPSS

2023-05-17 09:15 PM
35

CVE-2023-6014

An attacker is able to arbitrarily create an account in MLflow, bypassing any authentication requirement.

9.8 CVSS

9.4 AI Score

0.001 EPSS

2023-11-16 09:15 PM
40

CVE-2023-6018

An attacker can overwrite any file on the server hosting MLflow without any authentication.

9.8 CVSS

9.4 AI Score

0.89 EPSS

2023-11-16 04:15 PM
49

CVE-2023-6974

A malicious user could use this issue to access internal HTTP(S) servers and, in the worst case (i.e., an AWS instance), it could be abused to get remote code execution on the victim machine.

9.8 CVSS

9.4 AI Score

0.003 EPSS

2023-12-20 06:15 AM
31

CVE-2023-6975

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.

9.8 CVSS

9.5 AI Score

0.001 EPSS

2023-12-20 06:15 AM
25

CVE-2024-3573

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the mis...

9.3 CVSS

9.2 AI Score

0.0004 EPSS

2024-04-16 12:15 AM
34