Lfprojects: >> Mlflow >> 1.23.0 Security Vulnerabilities
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
CVSS Score
7.5
EPSS Score
0.785
Published
2023-12-05
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
CVSS Score
9.1
EPSS Score
0.007
Published
2023-11-16
MLflow allowed arbitrary files to be PUT onto the server.
CVSS Score
10.0
EPSS Score
0.008
Published
2023-11-16
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-01
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
CVSS Score
10.0
EPSS Score
0.928
Published
2023-07-19
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
CVSS Score
9.8
EPSS Score
0.862
Published
2023-05-17
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-05-11
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
CVSS Score
10.0
EPSS Score
0.828
Published
2023-04-28
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-03-24
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
CVSS Score
9.3
EPSS Score
0.932
Published
2023-03-24