CVE-2023-30172
published 2023-05-11


Priority P347 | high | 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.00% (58.3th percentile)
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 2.0.1 | 2.0.1 |
| lfprojects | mlflow | >= 0 < 2.0.0rc0 | 2.0.0rc0 |
| lfprojects | mlflow | >= 0 < 2.0.1 | 2.0.1 |