Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfprojects mlflow - vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow before 2.5.0.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-6974
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-6975
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-6014
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-6018
An attacker can overwrite any file on the server hosting MLflow without any authentication.
Lfprojects Mlflow -
9.8
CVSSv3
CVE-2023-2780
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow before 2.3.1.
Lfprojects Mlflow
9.8
CVSSv3
CVE-2023-1177
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow before 2.2.1.
Lfprojects Mlflow
3 Github repositories
8.8
CVSSv3
CVE-2023-6976
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
Lfprojects Mlflow
8.8
CVSSv3
CVE-2023-6940
with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.
Lfprojects Mlflow
8.8
CVSSv3
CVE-2023-6753
Path Traversal in GitHub repository mlflow/mlflow before 2.9.2.
Lfprojects Mlflow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »