Published: 24/03/2023 Updated: 02/11/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow before 2.2.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lfprojects mlflow

MLflow red team toolsuite

Snaike-MLflow Snaike: ProtectAI's Python AI red teaming toolsuite MLflow: Platform for the machine learning lifecycle CVE-2023-1177 is an LFI/RFI vulnerability in MLflow <223 exploitable with the MLFIflow tool It allows an unauthenticated, remote attacker to read arbitrary files such as SSH and AWS keys as well as remote files MLflow is vulnerable to this out of

CVE for 2023

CVE-2023-1177 (MLFlow Path Traversal) About MLflow MLflow is an open-source platform for managing the end-to-end machine learning lifecycle Primary Functions: MLflow tackles four primary functions: Tracking experiments to record and compare parameters and results (MLflow Tracking) Packaging ML code in a reusable, reproducible form in order to share with other data scientists

Learn more things, not suck all things

CVE-2023-1177 Learn more things, not suck all things

CWE-29 https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28 https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e https://nvd.nist.gov https://github.com/protectai/Snaike-MLflow

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-1177

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect