CVE-2023-6977

CRITICAL
10.0
CVSS 3.0
Description
This vulnerability enables malicious users to read sensitive files on the server.

Metadata

CVE ID
CVE-2023-6977
State
PUBLISHED
Assigner
@huntr_ai
Reserved
2023-12-20 05:36 UTC
Published
2023-12-20 05:37 UTC
Last updated
2024-08-02 08:50 UTC
Primary CWE
CWE-29
CWE-29 Path Traversal: '\..\filename'
Vendor / Product
mlflow / mlflow/mlflow
Sources
cve.org  ·  NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Affected products (1)
Vendor | Product | Platform | Versions
mlflow | mlflow/mlflow | unspecified | < 2.9.2
Weakness (CWE)
CWE | Source | Description
CWE-29 | cna | CWE-29 Path Traversal: '\..\filename'
CVSS scores (1)
Score | Severity | Version | Source | Vector
10.0 | CRITICAL | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L