CVSS: 7.8EPSS: 17%CPEs: 2EXPL: 0CVE-2024-1483 – Path Traversal Vulnerability in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-1483
16 Apr 2024 — A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers. Existe una vulnerabilidad de path traversal en mlflow/mlflow versión 2.9... • https://huntr.com/bounties/52a3855d-93ff-4460-ac24-9c7e4334198d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1560 – Path Traversal Vulnerability in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-1560
16 Apr 2024 — A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to p... • https://huntr.com/bounties/4a34259c-3c8f-4872-b178-f27fbc876b98 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27133 – Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.
https://notcve.org/view.php?id=CVE-2024-27133
23 Feb 2024 — Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields. Una sanitización insuficiente en MLflow genera XSS cuando se ejecuta una receta que utiliza un conjunto de datos que no es de confianza. Este problema provoca un RCE del lado del cliente al ejecutar la receta en Jupyter Notebook. • https://github.com/mlflow/mlflow/pull/10893 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27132 – Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
https://notcve.org/view.php?id=CVE-2024-27132
23 Feb 2024 — Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables. Una sanitización insuficiente en MLflow genera XSS cuando se ejecuta una receta que no es de confianza. Este problema genera un RCE del lado del cliente cuando se ejecuta una receta que no es de confianza en Jupyter Notebook. • https://github.com/mlflow/mlflow/pull/10873 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.8EPSS: 0%CPEs: 11EXPL: 1CVE-2024-22194 – cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
https://notcve.org/view.php?id=CVE-2024-22194
11 Jan 2024 — cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. El proyecto cdo-local-uuid ... • https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235 • CWE-215: Insertion of Sensitive Information Into Debugging Code CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) •
CVSS: 10.0EPSS: 45%CPEs: 1EXPL: 1CVE-2023-6977 – Path Traversal: '\..\filename'
https://notcve.org/view.php?id=CVE-2023-6977
20 Dec 2023 — This vulnerability enables malicious users to read sensitive files on the server. Esta vulnerabilidad permite a usuarios malintencionados leer archivos confidenciales en el servidor. • https://github.com/mlflow/mlflow/commit/4bd7f27c810ba7487d53ed5ef1038fca0f8dc28c • CWE-29: Path Traversal: '\..\filename' •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6976 – Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2023-6976
20 Dec 2023 — This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. Esta vulnerabilidad es capaz de escribir archivos arbitrarios en ubicaciones arbitrarias en el sistema de archivos remoto en el contexto del proceso del servidor. • https://github.com/mlflow/mlflow/commit/5044878da0c1851ccfdd5c0a867157ed9a502fbc • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 1CVE-2023-6975 – Path Traversal: '\..\filename'
https://notcve.org/view.php?id=CVE-2023-6975
20 Dec 2023 — A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. Un usuario malintencionado podría utilizar este problema para ejecutar comandos en la máquina vulnerable y obtener acceso a información de datos y modelos. • https://github.com/mlflow/mlflow/commit/b9ab9ed77e1deda9697fe472fb1079fd428149ee • CWE-29: Path Traversal: '\..\filename' •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-2023-6974 – Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-6974
20 Dec 2023 — A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. Un usuario malintencionado podría utilizar este problema para acceder a servidores HTTP internos y, en el peor de los casos (es decir, instancia de AWS), podría ser un abuso obtener una ejecución remota de código en la máquina víctima. • https://github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6940 – Command Injection
https://notcve.org/view.php?id=CVE-2023-6940
19 Dec 2023 — with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. Con solo una interacción del usuario (descargar una configuración maliciosa), los atacantes pueden obtener la ejecución completa del comando en el sistema víctima. • https://github.com/mlflow/mlflow/commit/5139b1087d686fa52e2b087e09da66aff86297b1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •