CVE-2023-43472

HIGH NUCLEI

MLFlow <2.8.1 - Info Disclosure

Title source: llm

Description

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

Nuclei Templates (1)

MLFlow < 2.8.1 - Sensitive Information Disclosure
HIGHVERIFIEDby ritikchaddha
Shodan: http.title:"mlflow"
FOFA: app="MLflow"

References (1)

Scores

CVSS v3 7.5
EPSS 0.7443
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (2)
lfprojects/mlflow < 2.8.1
pypi/mlflow 0 - 2.9.0PyPI
Published Dec 05, 2023
Tracked Since Feb 18, 2026