A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smuggling. Successful exploitation could lead to unauthorized information disclosure or server compromise.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-04-16T00:00:14.123Z
Updated: 2024-08-01T18:48:20.648Z
Reserved: 2024-02-16T21:29:53.956Z
Link: CVE-2024-1593
Vulnrichment
Updated: 2024-08-01T18:48:20.648Z
NVD
Status : Awaiting Analysis
Published: 2024-04-16T00:15:09.247
Modified: 2024-04-16T13:24:07.103
Link: CVE-2024-1593
Redhat
No data.