CVE-2023-3765

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Jul 19, 2023

Updated: Jul 28, 2023

CWE ID 36

Summary

CVE-2023-3765 is a newly disclosed vulnerability affecting the mlflow GitHub repository before version 2.5.0. This issue involves an Absolute Path Traversal vulnerability, which allows an attacker to potentially gain unauthorized access to sensitive files or data by manipulating the file path during a GitHub repository interaction. Successful exploitation could result in the leakage of confidential information or unintended code execution. Users are advised to upgrade to the latest version of mlflow to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Lfprojects Mlflow

Affected Vendors

LF Projects, LLC

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sCjDwU
https://www.cve.org/CVERecord?id=CVE-2023-3765
https://nvd.nist.gov/vuln/detail/CVE-2023-3765

Back to Vulnerability Database