CVE-2023-6976

EUVD-2023-3319
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
@huntr_aiCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
lfprojectsmlflow
𝑥
< 2.9.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/mlflow/mlflow/commit/5044878da0c1851ccfdd5c0a867157ed9a502fbc
https://huntr.com/bounties/2408a52b-f05b-4cac-9765-4f74bac3f20f
https://github.com/mlflow/mlflow/commit/5044878da0c1851ccfdd5c0a867157ed9a502fbc
https://huntr.com/bounties/2408a52b-f05b-4cac-9765-4f74bac3f20f