CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6568 – Reflected XSS via Content-Type Header in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-6568
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the user without adequate sanitization or escaping, leading to arbitrary JavaScript execution in the context of the victim's browser. The vulnerability is present in the mlflow/server/auth/__init__.py file, where the user-supplied Content-Type header is directly injected into a Python formatted string and returned to the user, facilitating the XSS attack. Cross-Site-Scripting (XSS) Reflejadas en el repositorio de GitHub mlflow/mlflow antes de 2.9.0. • https://github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1 https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2023-43472
https://notcve.org/view.php?id=CVE-2023-43472
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. Un problema en las versiones 2.8.1 y anteriores de MLFlow permite que un atacante remoto obtenga información confidencial a través de una solicitud manipulada a la API REST. • https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6014 – MLflow Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-6014
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. Un atacante puede crear arbitrariamente una cuenta en MLflow sin pasar por ningún requisito de autenticación. • https://huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6015 – MLflow Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6015
MLflow allowed arbitrary files to be PUT onto the server. MLflow permitió PONER archivos arbitrarios en el servidor. • https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 91%CPEs: 1EXPL: 1CVE-2023-6018 – MLflow Arbitrary File Write
https://notcve.org/view.php?id=CVE-2023-6018
An attacker can overwrite any file on the server hosting MLflow without any authentication. Un atacante puede sobrescribir cualquier archivo en el servidor que aloja MLflow sin ninguna autenticación. • https://huntr.com/bounties/7cf918b5-43f4-48c0-a371-4d963ce69b30 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •