CVE-2022-0736
published 2022-02-23CVE-2022-0736: Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
PriorityP335high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.55%
72.0th percentile
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 1.23.1 | 1.23.1 |
| lfprojects | mlflow | >= 0 < 1.23.1 | 1.23.1 |
| lfprojects | mlflow | >= 0 < 61984e6843d2e59235d82a580c529920cd8f3711 | 61984e6843d2e59235d82a580c529920cd8f3711 |
| mlflow | mlflow_mlflow | >= unspecified < 1.23.1 | 1.23.1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv3.08.2HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Insecure Temporary File in mlflow
osv·2022-02-24
CVE-2022-0736 [HIGH] Insecure Temporary File in mlflow
Insecure Temporary File in mlflow
mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function `tempfile.mktemp()` is deprecated and `mkstemp()` should be used instead.
GHSA
Insecure Temporary File in mlflow
ghsa·2022-02-24
CVE-2022-0736 [HIGH] CWE-377 Insecure Temporary File in mlflow
Insecure Temporary File in mlflow
mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function `tempfile.mktemp()` is deprecated and `mkstemp()` should be used instead.
OSV
CVE-2022-0736: Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1
osv·2022-02-23
CVE-2022-0736 CVE-2022-0736: Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-02-23
Published