exploitDog

CVE-2023-6014

Опубликовано: 16 нояб. 2023

Источник: nvd

CVSS3: 9.1

CVSS3: 9.8

EPSS Низкий

Описание

An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.

Ссылки

https://huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4
Exploit
Issue Tracking
Third Party Advisory
https://huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00875

Низкий

9.1 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-598

NVD-CWE-noinfo

Связанные уязвимости

GHSA-4qq5-mxxx-m6gg

CVSS3: 9.1

github

около 2 лет назад

MLflow authentication requirement bypass can allow a user to arbitrarily create an account

EPSS

Процентиль: 75%

0.00875

Низкий

9.1 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-598

NVD-CWE-noinfo