Vulnerability Information
Vulnerability Title
Improper Access Control in mlflow/mlflow
Vulnerability Description
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.
CVSS Information
N/A
Vulnerability Type
Improper Access Control
Vulnerability Title
Mlflow Access Control Error Vulnerability
Vulnerability Description
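Mlflow is an open-source platform for the machine learning lifecycle. Mlflow versions before 2.10.1 contain an access control error vulnerability, which stems from incorrect access control.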
CVSS Information
N/A
Vulnerability Type
N/A