What is the severity of CVE-2023-6831?

CVE-2023-6831 has a medium severity rating due to its impact on file system security.

How do I fix CVE-2023-6831?

To fix CVE-2023-6831, update the mlflow package to version 2.9.2 or later.

What are the potential risks associated with CVE-2023-6831?

If exploited, CVE-2023-6831 could allow attackers to access restricted files on the server.

Which versions of mlflow are affected by CVE-2023-6831?

CVE-2023-6831 affects all versions of mlflow prior to 2.9.2.

Is CVE-2023-6831 a remote or local vulnerability?

CVE-2023-6831 is a remote vulnerability allowing unauthorized access from an external source.

Vulnerability/
CVE-2023-6831

critical

CWE

29 22

EPSS

0.046%

15/12/2023

2/8/2024

CVE-2023-6831: Path Traversal: '\..\filename' in mlflow/mlflow

First published: Fri Dec 15 2023(Updated: )

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

Credit: security@huntr.dev security@huntr.dev

Affected Software	Affected Version	How to fix
pip/mlflow	<2.9.2	2.9.2
MLflow	<2.9.2

Remedy

https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-6831?
CVE-2023-6831 has a medium severity rating due to its impact on file system security.
How do I fix CVE-2023-6831?
To fix CVE-2023-6831, update the mlflow package to version 2.9.2 or later.
What are the potential risks associated with CVE-2023-6831?
If exploited, CVE-2023-6831 could allow attackers to access restricted files on the server.
Which versions of mlflow are affected by CVE-2023-6831?
CVE-2023-6831 affects all versions of mlflow prior to 2.9.2.
Is CVE-2023-6831 a remote or local vulnerability?
CVE-2023-6831 is a remote vulnerability allowing unauthorized access from an external source.

agent/author
agent/type
agent/first-publish-date
agent/remedy
agent/title
agent/description
agent/event
agent/weakness
collector/epss-latest
source/FIRST
agent/epss
collector/github-advisory-latest
source/GitHub
alias/GHSA-554w-xh4j-8w64
alias/CVE-2023-6831
agent/software-canonical-lookup
agent/references
agent/severity
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
agent/softwarecombine
package-manager/pip
vendor/lfprojects
canonical/mlflow

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.