CVE-2023-2356
published 2023-04-28

CVE-2023-2356: Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.

Priority: P3 · 55 · high · 7.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 4.15% (89.6th percentile)

Affected

4 ranges

Vendor      | Product        | Version range                                         | Fixed in
lfprojects  | mlflow         | < 2.3.1                                               | 2.3.1
lfprojects  | mlflow         | >= 0, < 2.3.1                                         | 2.3.1
lfprojects  | mlflow         | >= 0, < f73147496e05c09a8b83d95fb4f1bf86696c6342      | f73147496e05c09a8b83d95fb4f1bf86696c6342
mlflow      | mlflow_mlflow  | >= unspecified, < 2.3.1                               | 2.3.1

Detection & IOCs (extracted from sources)

url:  /api/2.0/mlflow/registered-models/create
url:  /api/2.0/mlflow/model-versions/create
url:  /model-versions/get-artifact?path=etc/passwd&name={{str}}&version={{version}}
path: file://{{Hostname}}/../../../../../../../
  • Detect path traversal attempts in the 'source' field of model-versions/create requests: look for 'file://' URIs containing '../' sequences in the POST body sent to /api/2.0/mlflow/model-versions/create.
  • Detect LFI exploitation via GET requests to /model-versions/get-artifact whose 'path' parameter references sensitive files (e.g., etc/passwd).
  • Shodan/FOFA fingerprint for exposed MLflow instances: search for http.title:"mlflow", app="MLflow", or title="mlflow".
  • A successful exploitation response contains the content of the Unix /etc/passwd file; match the regex root:[x*]:0:0 together with an HTTP 200 status.
  • The vulnerability affects MLflow versions prior to 2.3.1; exploitation requires no authentication (PR:N, UI:N) and is reachable over the network (AV:N).
  • The attack is a 3-step chain that requires the ability to create registered models and model versions via the MLflow REST API; all three requests must succeed for full exploitation.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd    | v3.1    | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd    | v3.0    | 10.0  | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L