CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1593 – Path Traversal via Parameter Smuggling in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-1593
16 Apr 2024 — A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smuggling. Succes... • https://huntr.com/bounties/dbdc6bd6-d09a-46f2-9d9c-5138a14b6e31 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-1560 – Path Traversal Vulnerability in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2024-1560
16 Apr 2024 — A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to p... • https://huntr.com/bounties/4a34259c-3c8f-4872-b178-f27fbc876b98 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •