.. / CVE-2023-1177

Exploit for Mlflow <2.2.1 - Local File Inclusion (CVE-2023-1177)

Description:

Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal ..\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

Nuclei Template

View the template here CVE-2023-1177.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-1177.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-1177
https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1177
https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28