.. / CVE-2023-2780

Exploit for Mlflow <2.3.1 - Local File Inclusion Bypass (CVE-2023-2780)

Description:

Path Traversal: ‘..\filename’ in GitHub repository mlflow/mlflow prior to 2.3.1.

Nuclei Template

View the template here CVE-2023-2780.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-2780.yaml
Copy

References:

https://github.com/Ostorlab/KEV
https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857
https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689/
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://nvd.nist.gov/vuln/detail/CVE-2023-2780