漏洞描述
MLflow 是一个机器学习的开源平台。MLflow 开源平台 get-artifact 存在目录遍历漏洞,攻击者可读取系统所有敏感文件。
MLflow get-artifact 目录遍历漏洞(CVE-2024-2928)
PoC代码
暂无相关漏洞推荐
- POC jfrog-artifactory-exposure: JFrog Artifactory Artifacts Exposure
- WSO2 API Manager /carbon/generic/save_artifact_ajaxprocessor.jsp XML 外部实体注入漏洞(CVE-2020-24589)
- POC CVE-2023-1177: Mlflow <2.2.1 - Local File Inclusion
- POC CVE-2023-2356: Mlflow <2.3.0 - Local File Inclusion
- POC CVE-2023-2780: Mlflow <2.3.1 - Local File Inclusion Bypass
- POC CVE-2023-3765: MLflow Absolute Path Traversal
- POC CVE-2023-43472: MLFlow < 2.8.1 - Sensitive Information Disclosure
- POC CVE-2023-6018: Mlflow - Arbitrary File Write
- POC CVE-2023-6568: Mlflow - Cross-Site Scripting
- POC CVE-2023-6831: mlflow - Path Traversal
- POC CVE-2023-6909: Mlflow <2.9.2 - Path Traversal
- POC CVE-2023-6977: Mlflow <2.8.0 - Local File Inclusion
- POC CVE-2024-1483: Mlflow < 2.9.2 - Path Traversal