Filtered by vendor Lfprojects
Subscribe
Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6975 | 1 Lfprojects | 1 Mlflow | 2023-12-29 | N/A | 9.8 CRITICAL |
| A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | |||||
| CVE-2023-6974 | 1 Lfprojects | 1 Mlflow | 2023-12-29 | N/A | 9.8 CRITICAL |
| A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | |||||
| CVE-2023-6018 | 1 Lfprojects | 1 Mlflow | 2023-11-29 | N/A | 9.8 CRITICAL |
| An attacker can overwrite any file on the server hosting MLflow without any authentication. | |||||
| CVE-2023-6014 | 1 Lfprojects | 1 Mlflow | 2023-11-24 | N/A | 9.8 CRITICAL |
| An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. | |||||
| CVE-2023-3765 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2023-07-28 | N/A | 10.0 CRITICAL |
| Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | |||||