CVE-2023-43472 PoC — MLFlow 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-43472.yaml

Associated Vulnerability

Title:MLFlow 安全漏洞 (CVE-2023-43472)
Description:Mlflow是一个机器学习生命周期的开源平台。 MLFlow 2.8.1版本及之前版本存在安全漏洞。远程攻击者利用该漏洞通过特制的 REST API 请求获取敏感信息。

Description

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

File Snapshot


 id: CVE-2023-43472

info:
  name: MLFlow < 2.8.1 - Sensitive Information Disclosure
  author: ritikc

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.