Lucene search

Lfprojects Mlflow

10 matches found

CVE
added 2023/03/24 3:15 p.m. | 140 views

CVE-2023-1177

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

CVSS 9.8 | AI score 9.4 | EPSS 0.93237

CVE
added 2024/02/23 10:15 p.m. | 84 views

CVE-2024-27132

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.

CVSS 9.6 | AI score 7.4 | EPSS 0.00255

CVE
added 2024/02/23 10:15 p.m. | 78 views

CVE-2024-27133

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.

CVSS 9.6 | AI score 7.2 | EPSS 0.00288

CVE
added 2023/05/17 9:15 p.m. | 63 views

CVE-2023-2780

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

CVSS 9.8 | AI score 9.5 | EPSS 0.86155

CVE
added 2024/04/16 12:15 a.m. | 57 views

CVE-2024-3573

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the mis...

CVSS 9.3 | AI score 9.2 | EPSS 0.00191

CVE
added 2023/11/16 9:15 p.m. | 56 views

CVE-2023-6014

An attacker is able to arbitrarily create an account in MLflow, bypassing any authentication requirement.

CVSS 9.8 | AI score 9.5 | EPSS 0.00671

CVE
added 2023/12/20 6:15 a.m. | 43 views

CVE-2023-6974

A malicious user could use this issue to access internal HTTP(S) servers and, in the worst case (i.e., an AWS instance), it could be abused to get remote code execution on the victim machine.

CVSS 9.8 | AI score 9.4 | EPSS 0.02591

CVE
added 2023/12/19 2:15 a.m. | 42 views

CVE-2023-6940

With only one user interaction (downloading a malicious config), attackers can gain full command execution on the victim system.

CVSS 9 | AI score 8.9 | EPSS 0.00115

CVE
added 2023/12/13 12:15 a.m. | 41 views

CVE-2023-6753

Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.

CVSS 9.6 | AI score 8.7 | EPSS 0.02505

CVE
added 2023/12/20 6:15 a.m. | 33 views

CVE-2023-6975

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data and model information.

CVSS 9.8 | AI score 9.6 | EPSS 0.01542