CVE-2023-30172
Published 2023-05-11
Priority P3 47 | high 7.5 | CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.00% (58.3th percentile)
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 2.0.1 | 2.0.1 |
| lfprojects | mlflow | >= 0 < 2.0.0rc0 | 2.0.0rc0 |
| lfprojects | mlflow | >= 0 < 2.0.1 | 2.0.1 |
OSV
mlflow vulnerable to directory traversal
osv · 2023-05-11
CVE-2023-30172 [HIGH]
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform prior to v2.0.0 allows attackers to read arbitrary files on the server via the path parameter.
OSV
CVE-2023-30172: A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2
osv·2023-05-11
CVE-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
GHSA
mlflow vulnerable to directory traversal
ghsa · 2023-05-11
CVE-2023-30172 [HIGH] CWE-22
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform prior to v2.0.0 allows attackers to read arbitrary files on the server via the path parameter.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-05-11
Published