Vulnerabilities > CVE-2023-3765 - Absolute Path Traversal vulnerability in Lfprojects Mlflow

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

lfprojects

CWE-36

critical

NVD

Published: 2023-07-19

Updated: 2023-07-28

Summary

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

Vulnerable Configurations

Part	Description	Count
Application	Lfprojects Lfprojects Mlflow - Lfprojects Mlflow 0.2.0 Lfprojects Mlflow 0.2.1 Lfprojects Mlflow 0.3.0 Lfprojects Mlflow 0.4.0 Lfprojects Mlflow 0.4.1 Lfprojects Mlflow 0.4.2 Lfprojects Mlflow 0.5.0 Lfprojects Mlflow 0.5.1 Lfprojects Mlflow 0.5.2 Lfprojects Mlflow 0.6.0 Lfprojects Mlflow 0.7 Lfprojects Mlflow 0.7.0 Lfprojects Mlflow 0.8.0 Lfprojects Mlflow 0.8.1 Lfprojects Mlflow 0.8.2 Lfprojects Mlflow 0.9.0 Lfprojects Mlflow 0.9.1 Lfprojects Mlflow 1.0.0 Lfprojects Mlflow 1.1.0 Lfprojects Mlflow 1.2.0 Lfprojects Mlflow 1.3.0 Lfprojects Mlflow 1.4.0 Lfprojects Mlflow 1.5.0 Lfprojects Mlflow 1.6.0 Lfprojects Mlflow 1.7.0 Lfprojects Mlflow 1.7.1 Lfprojects Mlflow 1.7.2 Lfprojects Mlflow 1.8.0 Lfprojects Mlflow 1.9.0 Lfprojects Mlflow 1.9.1 Lfprojects Mlflow 1.10.0 Lfprojects Mlflow 1.11.0 Lfprojects Mlflow 1.12.0 Lfprojects Mlflow 1.12.1 Lfprojects Mlflow 1.13.0 Lfprojects Mlflow 1.13.1 Lfprojects Mlflow 1.14.0 Lfprojects Mlflow 1.14.1 Lfprojects Mlflow 1.15.0 Lfprojects Mlflow 1.16.0 Lfprojects Mlflow 1.17.0 Lfprojects Mlflow 1.18.0 Lfprojects Mlflow 1.19.0 Lfprojects Mlflow 1.20.0 Lfprojects Mlflow 1.20.1 Lfprojects Mlflow 1.20.2 Lfprojects Mlflow 1.21.0 Lfprojects Mlflow 1.22.0 Lfprojects Mlflow 1.23.0 Lfprojects Mlflow 1.23.1 Lfprojects Mlflow 1.24.0 Lfprojects Mlflow 1.25.0 Lfprojects Mlflow 1.25.1 Lfprojects Mlflow 1.26.0 Lfprojects Mlflow 1.26.1 Lfprojects Mlflow 1.27.0 Lfprojects Mlflow 1.28.0 Lfprojects Mlflow 1.29.0 Lfprojects Mlflow 1.30.0 Lfprojects Mlflow 2.0.0 Lfprojects Mlflow 2.0.1 Lfprojects Mlflow 2.1.0 Lfprojects Mlflow 2.1.1 Lfprojects Mlflow 2.2.0 Lfprojects Mlflow 2.2.1 Lfprojects Mlflow 2.2.2 Lfprojects Mlflow 2.3.0 Lfprojects Mlflow 2.3.1 Lfprojects Mlflow 2.3.2 Lfprojects Mlflow 2.4.0 Lfprojects Mlflow 2.4.1 Lfprojects Mlflow 2.4.2	73
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-36 - Absolute Path Traversal

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References