Path traversal in MLflow · CVE-2023-6831 · GitHub Advisory Database · GitHub

Path traversal in MLflow

Critical severity GitHub Reviewed Published Dec 15, 2023 to the GitHub Advisory Database • Updated Feb 14, 2024

Package

mlflow (pip)

Affected versions

< 2.9.2

Patched versions

2.9.2

Description

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

References

Published by the National Vulnerability Database

Dec 15, 2023

Published to the GitHub Advisory Database Dec 15, 2023

Reviewed Dec 15, 2023

Last updated Feb 14, 2024

Severity

Critical

10.0

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

High

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H