CVE-2023-1176
published 2023-03-24

CVE-2023-1176: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

Priority: P4, 11, low
CVSS 3.1: 3.3
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.58% (43.3th percentile)

Affected

5 ranges
Vendor | Product | Version range | Fixed in
lfprojects | mlflow | < 2.2.2 | 2.2.2
lfprojects | mlflow | >= 0 < 63ef72aa4334a6473ce7f889573c92fcae0b3c0d | 63ef72aa4334a6473ce7f889573c92fcae0b3c0d
lfprojects | mlflow | >= 0 < 2.2.2 | 2.2.2
lfprojects | mlflow | >= 0 < 2.2.1 | 2.2.1
mlflow | mlflow_mlflow | >= unspecified < 2.2.2 | 2.2.2

CVSS provenance

nvd | v3.1 | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ghsa | 3.3 | LOW
osv | 3.3 | LOW
vendor_redhat | 5.5 | MEDIUM