Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6018 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker can overwrite any file on the server hosting MLflow without any authentication. | |||||
| CVE-2023-6015 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 7.5 HIGH |
| MLflow allowed arbitrary files to be PUT onto the server. | |||||
| CVE-2023-6014 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. | |||||
| CVE-2023-4033 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 7.8 HIGH |
| OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. | |||||
| CVE-2023-43472 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. | |||||
| CVE-2023-3765 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2024-11-21 | N/A | 10.0 CRITICAL |
| Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | |||||
| CVE-2023-2780 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 9.8 CRITICAL |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | |||||
| CVE-2023-2356 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 7.5 HIGH |
| Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | |||||
| CVE-2023-1177 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 9.3 CRITICAL |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | |||||
| CVE-2023-1176 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 3.3 LOW |
| Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. | |||||
| CVE-2022-0736 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | |||||