A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-04-16T00:00:14.507Z
Updated: 2024-08-01T18:48:20.634Z
Reserved: 2024-02-16T21:42:41.714Z
Link: CVE-2024-1594
Vulnrichment
Updated: 2024-08-01T18:48:20.634Z
NVD
Status : Awaiting Analysis
Published: 2024-04-16T00:15:09.417
Modified: 2024-04-16T13:24:07.103
Link: CVE-2024-1594
Redhat
No data.