Home > Vulnerability Database > CVE-2024-1593

Mend.io Vulnerability Database

CVE-2024-1593

Date: April 15, 2024

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smuggling. Successful exploitation could lead to unauthorized information disclosure or server compromise.

Language: Python

Severity Score

7.5

Related Resources (4)

Url: https://github.com/mlflow/mlflow

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-1593

Url: https://huntr.com/bounties/dbdc6bd6-d09a-46f2-9d9c-5138a14b6e31

Url: https://www.mend.io/vulnerability-database/CVE-2024-1593

Severity Score

7.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-1593

Date: April 15, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?