CRITICAL🇵🇱 Wersja polska

CVE-2023-6975

CVSS 9.8v3.1pub. 2023-12-20upd. 2024-11-21

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-29 (Path Traversal: '\..\filename') allows an attacker to escape the permitted directory by using crafted paths in a network request. By exploiting this flaw, a malicious user can cause arbitrary system commands to be executed on the server hosting MLflow. The attack vector is network-based, with no authentication requirements or attack complexity.

Impact

An attacker can obtain remote code execution (RCE) on the vulnerable server, and consequently gain unauthorized access to data, machine learning models, and other system resources.

Mitigation & patch

MLflow should be updated to a version containing commit b9ab9ed77e1deda9697fe472fb1079fd428149ee or later. Detailed information is available in the vendor references and on the huntr.com platform.

Who is affected

MLflow product delivered by Lfprojects — versions indicated in vendor references (fix commit: b9ab9ed77e1deda9697fe472fb1079fd428149ee).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Lfprojects Mlflow

    APP
    Lfprojects
    < 2.9.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-2651CRITICAL9.0PL ✓ten sam produkt

MLflow: nieautoryzowany dostęp do endpointów multipart upload (RCE)

CVE-2026-2611CRITICAL9.6PL ✓ten sam produkt

MLflow: nieprawidłowa walidacja origin umożliwia RCE przez cross-origin request

CVE-2026-0545CRITICAL9.8PL ✓ten sam produkt

Brak uwierzytelnienia w endpointach FastAPI jobs w MLflow (Auth Bypass / RCE)

CVE-2025-15379CRITICAL9.8PL ✓ten sam produkt

Command injection w MLflow podczas inicjalizacji kontenera modelu

CVE-2025-15036CRITICAL10.0PL ✓ten sam produkt

Path traversal w MLflow — nadpisanie plików i eskalacja uprawnień