CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2023-43472
https://notcve.org/view.php?id=CVE-2023-43472
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. Un problema en las versiones 2.8.1 y anteriores de MLFlow permite que un atacante remoto obtenga información confidencial a través de una solicitud manipulada a la API REST. • https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6015 – MLflow Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6015
MLflow allowed arbitrary files to be PUT onto the server. MLflow permitió PONER archivos arbitrarios en el servidor. • https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4033 – OS Command Injection in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-4033
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. • https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b https://huntr.dev/bounties/5312d6f8-67a5-4607-bd47-5e19966fa321 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-3765 – Absolute Path Traversal in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. • https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76 • CWE-36: Absolute Path Traversal •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2023-2780 – Path Traversal: '\..\filename' in mlflow/mlflow
https://notcve.org/view.php?id=CVE-2023-2780
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. • https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857 https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689 • CWE-29: Path Traversal: '\..\filename' •