CVE-2023-6831

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions mlflow/mlflow versions prior to 2.9.2

Description The issue is related to a Path Traversal vulnerability, where the sequence '..filename' can be used to access files outside the intended directory. This vulnerability is present in the mlflow/mlflow GitHub repository.

Recommendations For versions prior to 2.9.2, update to version 2.9.2 or later to resolve the issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-29CWE-22

Related Identifiers

BIT-MLFLOW-2023-6831

CVE-2023-6831

GHSA-554W-XH4J-8W64

PYSEC-2023-253

Affected Products

Mlflow

CVE-2023-6831

Weakness Enumeration

Related Identifiers

Affected Products

References · 14