Lfprojects: >> Mlflow Security Vulnerabilities
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
CVSS Score
9.1
EPSS Score
0.007
Published
2023-11-16
MLflow allowed arbitrary files to be PUT onto the server.
CVSS Score
10.0
EPSS Score
0.008
Published
2023-11-16
An attacker can overwrite any file on the server hosting MLflow without any authentication.
CVSS Score
10.0
EPSS Score
0.884
Published
2023-11-16
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-01
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
CVSS Score
10.0
EPSS Score
0.928
Published
2023-07-19
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
CVSS Score
9.8
EPSS Score
0.862
Published
2023-05-17
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-05-11
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
CVSS Score
10.0
EPSS Score
0.828
Published
2023-04-28
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-03-24
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
CVSS Score
9.3
EPSS Score
0.932
Published
2023-03-24