PT-2023-32832 · Lfprojects+4 · Mlflow+1

Harupy

·

Publicado

2023-12-19

·

Atualizado

2024-03-06

·

CVE-2023-6976

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.
Description This issue allows writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

BIT-MLFLOW-2023-6976
CVE-2023-6976
GHSA-WV8Q-4F85-2P8P

Produtos afetados

Mlflow
Mlflow/Mlflow