PT-2023-22565 · Mlflow · Mlflow

Y4Ppiefluo · Published 2023-05-11 · Updated 2025-01-27 · CVE-2023-30172

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

mlflow versions prior to 2.0.1

Description

A directory traversal issue in the "/get-artifact" API method allows attackers to read arbitrary files on the server via the path parameter.

Recommendations

For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/get-artifact" API endpoint until a patch is available. Avoid using the path parameter in the affected API endpoint until the issue is resolved.
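
A log triage check for the issue described above, as an added example that is not part of the original advisory or MLflow's own code: it scans access logs for "/get-artifact" requests whose path parameter resolves to a traversal or absolute path, including nested percent-encoding. The combined-log-style line format, the status-code interpretation and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = """\
198.51.100.7 - - [11/May/2023:10:00:01 +0000] "GET /get-artifact?path=model/MLmodel HTTP/1.1" 200 512
198.51.100.9 - - [11/May/2023:10:00:05 +0000] "GET /get-artifact?path=..%2F..%2Fconstructed.txt HTTP/1.1" 200 1843
198.51.100.9 - - [11/May/2023:10:00:09 +0000] "GET /get-artifact?path=%252e%252e%252fsecrets.env HTTP/1.1" 404 0
198.51.100.4 - - [11/May/2023:10:00:12 +0000] "GET /static-files/index.html?path=../x HTTP/1.1" 200 90
"""

REQ = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(path):
    """True if the decoded value has a '..' segment, is absolute, or names a drive."""
    norm = fully_decode(path).replace("\\", "/")
    return norm.startswith("/") or ".." in norm.split("/") or bool(re.match(r"[A-Za-z]:", norm))

def find_suspicious(log_text):
    """Return one record per /get-artifact request with a suspicious path value."""
    hits = []
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.rstrip("/").endswith("/get-artifact"):
            continue  # only the endpoint named in the advisory
        for value in parse_qs(url.query).get("path", []):
            if is_traversal(value):
                hits.append({"ip": m["ip"], "status": int(m["status"]),
                             "path": fully_decode(value), "served": m["status"] == "200"})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set are the ones to prioritise during incident review, since a 200 response suggests the requested file content was returned.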

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BIT-MLFLOW-2023-30172
CVE-2023-30172
GHSA-WC6J-5G83-XFM6
PYSEC-2023-70

Affected Products

Mlflow