Vulnerability Description
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lfprojects | Mlflow | < 2.9.2 |
Related Weaknesses (CWE)
References
- https://github.com/mlflow/mlflow/commit/5044878da0c1851ccfdd5c0a867157ed9a502fbcPatch
- https://huntr.com/bounties/2408a52b-f05b-4cac-9765-4f74bac3f20fExploitThird Party Advisory
- https://github.com/mlflow/mlflow/commit/5044878da0c1851ccfdd5c0a867157ed9a502fbcPatch
- https://huntr.com/bounties/2408a52b-f05b-4cac-9765-4f74bac3f20fExploitThird Party Advisory
FAQ
What is CVE-2023-6976?
CVE-2023-6976 is a vulnerability with a CVSS score of 8.8 (HIGH). This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
How severe is CVE-2023-6976?
CVE-2023-6976 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6976?
Check the references section above for vendor advisories and patch information. Affected products include: Lfprojects Mlflow.