CVE-2023-2780
published 2023-05-17

CVE-2023-2780: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

Priority: P2, 63, critical
CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.31% (92.7th percentile)

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 2.3.1 | 2.3.1 |
| lfprojects | mlflow | >= 0 < 2.3.0 | 2.3.0 |
| lfprojects | mlflow | >= 0 < fae77a525dd908c56d6204a4cef1c1c75b4e9857 | fae77a525dd908c56d6204a4cef1c1c75b4e9857 |
| lfprojects | mlflow | >= 0 < 2.3.1 | 2.3.1 |
| mlflow | mlflow_mlflow | >= unspecified < 2.3.1 | 2.3.1 |

Detection & IOCs (extracted from sources)

url: /ajax-api/2.0/mlflow/registered-models/create
url: /ajax-api/2.0/mlflow/model-versions/create
url: /model-versions/get-artifact?path=passwd&name={{randstr}}&version={{version}}
command: {"name":"{{randstr}}","source":"file://./etc"}
  • Successful exploitation is confirmed by matching 'root:.*:0:0:' in the HTTP 200 response body, indicating /etc/passwd was returned.
  • Shodan/FOFA fingerprinting: exposed MLflow instances can be identified via HTTP title 'mlflow'. Use shodan-query 'http.title:"mlflow"' or FOFA 'title="mlflow"' to find targets.
  • The exploit requires no authentication (PR:N, UI:N per CVSS), but the three-step chain must be executed in sequence: model creation → version creation with malicious source → artifact fetch. The 'version' value must be extracted dynamically from the model-versions/create response before the final GET request.

CVSS provenance

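| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| ghsa | | 9.8 | CRITICAL | |
| osv | | 9.8 | CRITICAL | |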