CVE-2023-43472

Affects: MLflow

CVSS: HIGH · 7.5v3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: 2023-12-05
Source: nvd.nist.gov/vuln/detail/CVE-2023-43472

Description

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

References

https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security
https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security

How GTK Cyber trains on this

AI security training at GTK Cyber covers the LLM and ML-pipeline vulnerability classes that vulnerabilities like CVE-2023-43472 fall into. Our hands-on courses are taught by Charles Givre and other practitioners who break and defend production AI systems.

AI Red-Teaming course →·Browse MITRE ATLAS techniques

Related AI/LLM CVEs

CVE-2026-2651(CRITICAL)
CVE-2026-2734(MEDIUM)
CVE-2026-2611(CRITICAL)
CVE-2026-4137(HIGH)
CVE-2026-2652(HIGH)
CVE-2026-2393(HIGH)
CVE-2026-2614(HIGH)
CVE-2026-33865(MEDIUM)

AI security training, taught by people who do the work.

Hands-on courses on adversarial AI, prompt injection, and ML pipeline security.

Explore AI Red-Teaming