CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 9.0%
mlflow is vulnerable to Arbitrary File Write. The vulnerability is due to improper sanitization within the mlflow.data.http_dataset_source.py module when fetching data over HTTP. The filename taken from the Content-Disposition response header is used directly to construct the path where the downloaded file is saved, so an attacker who controls the HTTP response (for example by operating or impersonating the dataset server) can supply path separators or ".." segments and write arbitrary files on the host running mlflow, which could be used to carry out further attacks.
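The pattern described above, shown as an added example that is not mlflow's own code or the project's fix: a vulnerable path construction that trusts the Content-Disposition filename, beside a hardened version that reduces the name to a single path component and verifies the resolved destination stays under the download directory. The header parser, the function names and the "/tmp/datasets" target directory are assumptions for the illustration; the Content-Disposition values below are constructed test inputs.

```python
import os
import posixpath
import re


def filename_from_content_disposition(header):
    """Extract the filename parameter from a Content-Disposition header value.

    Minimal parser written for this example (not mlflow's): handles both
    quoted and bare filename values and returns None if there is none.
    """
    m = re.search(r'filename\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;\s]+))', header, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def vulnerable_dest_path(dst_dir, header):
    """VULNERABLE: the server-chosen filename is joined as-is.

    '../' segments walk out of dst_dir, and an absolute filename makes
    os.path.join discard dst_dir entirely, so the server picks the target file.
    """
    name = filename_from_content_disposition(header) or "download"
    return os.path.join(dst_dir, name)


def safe_dest_path(dst_dir, header, fallback="download"):
    """Hardened: keep only the last path component and confine the result to dst_dir."""
    name = filename_from_content_disposition(header) or fallback
    # Normalise Windows separators first so "..\\..\\x" is treated like "../../x".
    name = posixpath.basename(name.replace("\\", "/"))
    # After stripping directories, refuse empty names, dot-directories and control characters.
    if name in ("", ".", "..") or any(ord(c) < 32 for c in name):
        name = fallback
    dst_root = os.path.realpath(dst_dir)
    dest = os.path.realpath(os.path.join(dst_root, name))
    # Defence in depth: the resolved path must still be inside the download directory.
    if os.path.commonpath([dst_root, dest]) != dst_root:
        raise ValueError("refusing to write outside %s: %s" % (dst_root, dest))
    return dest


def compare(dst_dir, header):
    """Return (vulnerable path, hardened path) for one constructed response header."""
    return vulnerable_dest_path(dst_dir, header), safe_dest_path(dst_dir, header)


if __name__ == "__main__":
    # Constructed sample headers an attacker-controlled server might send.
    for hdr in (
        'attachment; filename="data.csv"',
        'attachment; filename="../../../etc/cron.d/backdoor"',
        'attachment; filename="/root/.ssh/authorized_keys"',
        'attachment; filename="..\\..\\windows\\tasks\\job.xml"',
    ):
        vuln, safe = compare("/tmp/datasets", hdr)
        print("%-55s vulnerable -> %s" % (hdr, os.path.normpath(vuln)))
        print("%-55s hardened   -> %s" % ("", safe))
```

The hardened function does two independent things on purpose: `basename` removes the traversal, and the `commonpath` check would still catch a future regression (a different parser, a symlink inside the download directory) that reintroduces an escape.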