CVE-2023-30172 Information

Description

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.

Reference

https://github.com/mlflow/mlflow/issues/7166 https://github.com/mlflow/mlflow/issues/7166#issuecomment-1541543234