Lfprojects Mlflow

11 matches found

CVE
added 2024/05/16 9:15 a.m. | 93 views

CVE-2024-3848

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skip...

CVSS 7.5 | AI score 7.2 | EPSS 0.86567

CVE
added 2023/12/18 4:15 a.m. | 86 views

CVE-2023-6909

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

CVSS 7.5 | AI score 7.4 | EPSS 0.86567

CVE
added 2024/11/25 2:15 p.m. | 86 views

CVE-2024-27134

Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.

CVSS 7 | AI score 7 | EPSS 0.00015

CVE
added 2025/03/20 10:15 a.m. | 75 views

CVE-2025-0453

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLflow, rendering the application unable to resp...

CVSS 7.5 | AI score 5.7 | EPSS 0.00106

CVE
added 2023/05/11 2:15 a.m. | 60 views

CVE-2023-30172

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.

CVSS 7.5 | AI score 7.3 | EPSS 0.00449

CVE
added 2024/04/16 12:15 a.m. | 59 views

CVE-2024-1483

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can...

CVSS 7.5 | AI score 7.4 | EPSS 0.73302

CVE
added 2024/04/16 12:15 a.m. | 57 views

CVE-2024-1594

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component # in the artifact location URI to read arbitrary files on th...

CVSS 7.5 | AI score 6.2 | EPSS 0.86567

CVE
added 2024/06/06 7:15 p.m. | 57 views

CVE-2024-2928

A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can ...

CVSS 7.5 | AI score 7.4 | EPSS 0.89008

CVE
added 2024/04/16 12:15 a.m. | 53 views

CVE-2024-1558

A path traversal vulnerability exists in the _create_model_version() function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the _validate_non_local_...

CVSS 7.5 | AI score 6.5 | EPSS 0.00073

CVE
added 2024/04/16 12:15 a.m. | 53 views

CVE-2024-1593

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This...

CVSS 7.5 | AI score 7.4 | EPSS 0.00409

CVE
added 2023/12/05 7:15 a.m. | 36 views

CVE-2023-43472

An issue in MLflow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to the REST API.

CVSS 7.5 | AI score 7.1 | EPSS 0.78536