PT-2023-22565 · Mlflow · Mlflow

Y4Ppiefluo

Published 2023-05-11 · Updated 2025-01-27 · CVE-2023-30172

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

mlflow versions prior to 2.0.1

Description

A directory traversal issue in the "/get-artifact" API method allows attackers to read arbitrary files on the server via the path parameter.

Recommendations

For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/get-artifact" API endpoint until a patch is available. Avoid using the path parameter in the affected API endpoint until the issue is resolved.

Fix

Path traversal


Weakness Enumeration

Related Identifiers

BIT-MLFLOW-2023-30172
CVE-2023-30172
GHSA-WC6J-5G83-XFM6
PYSEC-2023-70

Affected Products

Mlflow