Security Advisory

CVE-2024-1483

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-16 00:00:14

Last updated 2024-08-01 18:40:21

Assigner @huntr_ai

State PUBLISHED

Description

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted artifact_location and source parameters, using a local URI with # instead of ?, an attacker can traverse the servers directory structure. The issue occurs due to insufficient validation of user-supplied input in the servers handlers.

← Browse all CVEs View on cve.org ↗