# 路径遍历:'\..\filename' 在 mlflow/mlflow 中
## 漏洞概述
该漏洞为路径遍历漏洞,允许攻击者通过特定的路径规则 `..\filename` 访问未授权的文件。该漏洞存在于 GitHub 仓库 `mlflow/mlflow` 的某些版本中。
## 影响版本
- 版本:2.2.1 之前的所有版本
## 漏洞细节
攻击者可以利用路径遍历漏洞,通过 `..\filename` 的路径规则,访问目标系统中未授权的文件,进而获取敏感信息或执行进一步的攻击行动。
## 漏洞影响
- 允许未经授权的用户访问系统中的敏感文件。
- 可能导致敏感信息泄露。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | None | https://github.com/hh-hunter/ml-CVE-2023-1177 | POC详情 |
| 2 | CVE for 2023 | https://github.com/iumiro/CVE-2023-1177-MLFlow | POC详情 |
| 3 | Learn more things, not suck all things | https://github.com/tiyeume25112004/CVE-2023-1177-rebuild | POC详情 |
| 4 | MLflow LFI/RFI Vulnerability -CVE-2023-1177 - Reproduced | https://github.com/saimahmed/MLflow-Vuln | POC详情 |
| 5 | MLFlow Path Traversal | https://github.com/charlesgargasson/CVE-2023-1177 | POC详情 |
| 6 | Learn more things, not suck all things | https://github.com/SpycioKon/CVE-2023-1177-rebuild | POC详情 |
| 7 | Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \..\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-1177.yaml | POC详情 |
| 8 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/MLflow%20get-artifact%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2023-1177.md | POC详情 |
| 9 | PoC of CVE-2023-1177 vulnerability in MLflow (Reproduce) | https://github.com/paultheal1en/CVE-2023-1177-PoC-reproduce | POC详情 |