CVE-2023-30172: A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers
highvulnerability
security
Summary
CVE-2023-30172 is a directory traversal vulnerability (a flaw where attackers can access files outside the intended folder by manipulating file paths) in the /get-artifact API method of MLflow platform versions up to v2.0.1. Attackers can exploit the path parameter to read arbitrary files stored on the server.
Vulnerability Details
CVSS Score
7.5(high)
EPSS (30-day exploit probability)
EPSS: 0.4%
Classification
Attack Type
Other
Attack SophisticationTrivial
Impact (CIA+S)
confidentiality
AI Component TargetedTraining Data
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-30172
First tracked: February 15, 2026 at 08:46 PM
Classified by LLM (prompt v3) · confidence: 85%