{"data":{"id":"71eee6c4-b5d8-4a96-b038-8b0cddcf2105","title":"CVE-2024-4263: A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with onl","summary":"MLflow (a tool for managing machine learning experiments) versions before 2.10.1 have a broken access control vulnerability where users with only EDIT permissions can delete artifacts (saved files or data from experiments) they shouldn't be able to delete. The bug happens because the system doesn't properly check permissions when users request to delete artifacts, even though the documentation says EDIT users should only be able to read and update, not delete.","solution":"Update mlflow to version 2.10.1 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-4263","publishedAt":"2024-05-16T13:15:16.037Z","cveId":"CVE-2024-4263","cweIds":["CWE-284"],"cvssScore":"5.4","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MLflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00062,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}