PT-2023-2024 · Mlflow · Mlflow
Published 2023-03-24 · Updated 2026-05-05 · CVE-2023-1177
CVSS v2.0: 9.7 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:P
Name of the Vulnerable Software and Affected Versions
MLflow versions prior to 2.2.1
Description
The issue is caused by improper limitation of a pathname to a restricted directory. Exploitation may allow a remote attacker to gain unauthorized access to protected information, execute arbitrary code, or gain full control of the system. It is classified as a Path Traversal issue: an attacker can use a filename like '..filename' to access files outside the intended directory.
Recommendations
For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation. Avoid using the filename parameter in a way that could allow an attacker to traverse the directory path until the issue is resolved.
Exploit
Fix
Path traversal
Affected Products
Mlflow