A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-05-11
Updated
2023-05-22
This vulnerability enables malicious users to read sensitive files on the server.
Max CVSS
10.0
EPSS Score
0.41%
Published
2023-12-20
Updated
2023-12-29
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
Max CVSS
9.8
EPSS Score
0.12%
Published
2023-12-20
Updated
2024-02-06
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Max CVSS
7.5
EPSS Score
0.41%
Published
2023-12-18
Updated
2024-02-06
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Max CVSS
8.1
EPSS Score
0.25%
Published
2023-12-15
Updated
2024-02-13
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
Max CVSS
9.6
EPSS Score
0.09%
Published
2023-12-13
Updated
2023-12-15
MLflow allowed arbitrary files to be PUT onto the server.
Max CVSS
10.0
EPSS Score
0.09%
Published
2023-11-16
Updated
2023-11-29
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
Max CVSS
10.0
EPSS Score
0.86%
Published
2023-07-19
Updated
2023-07-28
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
Max CVSS
9.8
EPSS Score
4.25%
Published
2023-05-17
Updated
2023-05-25
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
Max CVSS
10.0
EPSS Score
0.96%
Published
2023-04-28
Updated
2023-05-05
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
Max CVSS
9.8
EPSS Score
3.01%
Published
2023-03-24
Updated
2023-11-02
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
Max CVSS
5.3
EPSS Score
0.04%
Published
2023-03-24
Updated
2023-03-28
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!