Directory Traversal Vulnerability in mlflow Platform (up to v2.0.1) Allows Arbitrary File Read

Directory Traversal Vulnerability in mlflow Platform (up to v2.0.1) Allows Arbitrary File Read

CVE-2023-30172 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.

Learn more about our Cis Benchmark Audit For Server Software.