Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfprojects mlflow vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow before 2.5.0.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-6974
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-6975
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-6014
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-6018
An attacker can overwrite any file on the server hosting MLflow without any authentication.
Lfprojects Mlflow -
9.8
CVSSv3
CVE-2023-2780
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow before 2.3.1.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-1177
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow before 2.2.1.
Lfprojects Mlflow
3 Github repositories
8.8
CVSSv3
CVE-2023-6976
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
Lfprojects Mlflow
8.8
CVSSv3
CVE-2023-6940
with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.
Lfprojects Mlflow
8.8
CVSSv3
CVE-2023-6753
Path Traversal in GitHub repository mlflow/mlflow before 2.9.2.
Lfprojects Mlflow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »