CVE-2023-43472

HIGH NUCLEI

MLFlow < 2.8.1 - Information Disclosure via REST API

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-43472 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

Nuclei Templates (1)

MLFlow < 2.8.1 - Sensitive Information Disclosure
HIGHVERIFIEDby ritikchaddha
Shodan: http.title:"mlflow"
FOFA: app="MLflow"

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.3658
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (2)
lfprojects/mlflow < 2.8.1
pypi/mlflow 0 - 2.9.0PyPI
Published Dec 05, 2023
Tracked Since Feb 18, 2026