Lucene search
GitHub Advisory DatabaseGHSA-QG8P-32GR-GH6XHistoryDec 20, 2023 - 6:30 a.m.
MLflow Local File Disclosure Vulnerability
2023-12-2006:30:25
CWE-29
GitHub Advisory Database
github.com
11
mlflow
local file disclosure
vulnerability
malicious users
sensitive files
server
software
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.006
Percentile
77.9%
This vulnerability enables malicious users to read sensitive files on the server.
Affected configurations
Node
mlflowmlflowRange<2.9.2
Related
osv
osv
CVE-2023-6977
2023-12-20 06:15:45
BIT-mlflow-2023-6977
2024-03-06 10:56:07
MLflow Local File Disclosure Vulnerability
2023-12-20 06:30:25
nvd
nvd
CVE-2023-6977
2023-12-20 06:15:45
cve
cve
CVE-2023-6977
2023-12-20 06:15:45
cvelist
cvelist
CVE-2023-6977 Path Traversal: '\..\filename'
2023-12-20 05:37:12
prion
prion
Design/Logic Flaw
2023-12-20 06:15:00
veracode
veracode
Path Traversal
2023-12-21 08:22:25
nuclei
nuclei
Mlflow <2.8.0 - Local File Inclusion
2024-01-26 07:20:29
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.006
Percentile
77.9%
Related for GHSA-QG8P-32GR-GH6X