{"vulnerability": "CVE-2023-6831", "sightings": [{"uuid": "35547d2b-def6-4244-b1c9-0b8434ee9524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6831", "type": "seen", "source": "https://t.me/arpsyndicate/4699", "content": "#ExploitObserverAlert\n\nCVE-2024-1560\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1560. A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.\n\nFIRST-EPSS: 0.000430000\nARPS-EXPLOITABILITY: 0.9019774", "creation_timestamp": "2024-04-18T05:53:41.000000Z"}, {"uuid": "ecfe7bab-bddf-4db7-81c2-f708dddf7a05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6831", "type": "seen", "source": "https://t.me/ctinow/166457", "content": "https://ift.tt/TdzfiBJ\nCVE-2023-6831 | mlflow up to 2.9.1 path traversal", "creation_timestamp": "2024-01-11T11:27:09.000000Z"}, {"uuid": "17b5913b-e532-4619-aa2e-3d033005e7a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6831", "type": "seen", "source": "https://t.me/ctinow/157890", "content": "https://ift.tt/HFVExU1\nCVE-2023-6831 Exploit", "creation_timestamp": "2023-12-21T19:16:57.000000Z"}]}