|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-05-14 | |
| Rule Name: | Mlflow Path Traversal Vulnerability (CVE-2023-6831 CVE-2023-6015) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Mlflow is an open source machine learning lifecycle management platform designed to simplify the development, tracking, deployment, and management of machine learning projects. It supports the entire machine learning workflow from experiment tracking, model registration, model deployment to project packaging. An attacker could exploit the vulnerability to access files and directories stored outside of the web root folder. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3 |
|
| Solutions |
|---|
| Please refer to announcements or patches release by the vendor: https://github.com/mlflow/mlflow/pull/10330 |