CVE-2023-6831
Published 2023-12-15
CVE-2023-6831: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Priority P354 · high · 8.1 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EXPLOIT
EPSS: 3.29% (86.9th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 2.9.2 | 2.9.2 |
| lfprojects | mlflow | <= 2.9.2 | — |
| lfprojects | mlflow | >= 0 < 2.9.2 | 2.9.2 |
| lfprojects | mlflow | >= 0 < 1da75dfcecd4d169e34809ade55748384e8af6c1 | 1da75dfcecd4d169e34809ade55748384e8af6c1 |
| lfprojects | mlflow | 0 – 2.9.2 | — |
| mlflow | mlflow_mlflow | unspecified – latest | — |
Detection & IOCs (extracted from sources)
url: PUT /api/2.0/mlflow-artifacts/artifacts/{{randstr}} HTTP/1.1
url: DELETE /api/2.0/mlflow-artifacts/artifacts/%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252Fetc%252fpasswd HTTP/1.1
path: /api/2.0/mlflow-artifacts/artifacts/
- Detect double-URL-encoded path traversal sequences in DELETE requests to the MLflow artifacts API endpoint. The payload uses %252E%252E%252F (double-encoded '../') to escape the artifact root.
- A successful exploitation attempt returns HTTP 500 with a JSON body of '{}' and headers containing both 'Content-Type: application/json' and 'Server: gunicorn'.
- Attackers first stage a PUT request to create an artifact, then issue a DELETE with a traversal path to delete arbitrary files. Monitor for sequential PUT then DELETE to /api/2.0/mlflow-artifacts/artifacts/ from the same source.
- Use Shodan/FOFA/Google dorks to identify exposed MLflow instances as potential targets: Shodan 'http.title:"mlflow"', FOFA 'title="mlflow"' or 'app="mlflow"', Google 'intitle:"mlflow"'.
- The vulnerability requires authentication (PR:L). Exploitation is only possible by a low-privileged authenticated user, not unauthenticated attackers.
- The path traversal uses double URL-encoding (%252E%252E%252F) to bypass server-side decoding. Detection rules must decode twice or match on the encoded form directly.
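The detection notes above can be turned into a log check. The following is an added example, not a rule from this page or from the MLflow project: it decodes each request path to a fixed point, flags DELETE requests on the artifacts endpoint that contain a `..` segment, and records whether the same source staged a PUT first. The access-log format and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

ARTIFACT_PREFIX = "/api/2.0/mlflow-artifacts/artifacts/"
# Assumed combined-log-style format: source IP first, then "METHOD path HTTP/x" and status.
LINE_RE = re.compile(r'^(\S+) .*?"(PUT|DELETE|GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_traversal(path):
    """True if any segment is '..' after full decoding ('\\' treated as '/')."""
    return ".." in fully_decode(path).replace("\\", "/").split("/")

def scan(lines):
    """Return one alert per traversal DELETE on the artifacts endpoint."""
    put_seen, alerts = set(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        src, method, path, status = m.groups()
        if not path.startswith(ARTIFACT_PREFIX):
            continue
        if method == "PUT":
            put_seen.add(src)          # remember sources that staged an artifact
        elif method == "DELETE" and has_traversal(path):
            alerts.append({"src": src, "status": int(status),
                           "staged_put": src in put_seen,
                           "decoded": fully_decode(path)})
    return alerts

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Dec/2023:10:00:01 +0000] "PUT /api/2.0/mlflow-artifacts/artifacts/abc123 HTTP/1.1" 200',
    '198.51.100.7 - - [15/Dec/2023:10:00:02 +0000] "DELETE /api/2.0/mlflow-artifacts/artifacts/%252E%252E%252F%252E%252E%252Fetc%252fpasswd HTTP/1.1" 500',
    '203.0.113.9 - - [15/Dec/2023:10:05:00 +0000] "DELETE /api/2.0/mlflow-artifacts/artifacts/models/run1 HTTP/1.1" 200',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

An alert with `staged_put` set and status 500 matches the PUT-then-DELETE sequence and response code described in the notes.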
CVSS provenance
nvd · v3.1 · 8.1 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd · v3.0 · 8.1 HIGH · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
ghsa · 8.1 HIGH
osv · 8.1 HIGH
OSV
mlflow vulnerable to Path Traversal
osv·2024-04-16·CVSS 8.1
CVE-2024-1560 [HIGH] mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.
GHSA
mlflow vulnerable to Path Traversal
ghsa·2024-04-16·CVSS 8.1
CVE-2024-1560 [HIGH] CWE-22 mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.
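The validate-then-decode ordering that the CVE-2024-1560 advisory describes, shown beside a hardened resolver. This is an added, simplified illustration of the bug class and not MLflow's code; `resolve_unsafe` and `resolve_safe` are hypothetical names, and the input is assumed to be the path as a handler sees it after the web server has already decoded it once.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_unsafe(root, user_path):
    """Bug class: the check runs first, then the path is unquoted one more time."""
    if ".." in user_path.split("/"):      # sees '%2E%2E%2F...', finds no '..' segment
        raise ValueError("traversal rejected")
    return os.path.normpath(os.path.join(root, unquote(user_path)))  # extra decode

def resolve_safe(root, user_path, max_rounds=5):
    """Decode to a fixed point, then confine the resolved path to root."""
    for _ in range(max_rounds):
        decoded = unquote(user_path)
        if decoded == user_path:
            break
        user_path = decoded
    else:
        raise ValueError("too many encoding layers")
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, user_path))
    # commonpath also rejects absolute inputs, which os.path.join lets replace root.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes artifact root")
    return target

if __name__ == "__main__":
    artifact_root = tempfile.mkdtemp()           # throwaway root for the demo
    once_decoded = "%2E%2E%2F%2E%2E%2Fetc%2Fpasswd"  # constructed input
    print("unsafe resolves to:", resolve_unsafe(artifact_root, once_decoded))
    try:
        resolve_safe(artifact_root, once_decoded)
    except ValueError as exc:
        print("safe resolver:", exc)
```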
GHSA
Path traversal in MLflow
ghsa·2023-12-15
CVE-2023-6831 [CRITICAL] CWE-22 Path traversal in MLflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
OSV
Path traversal in MLflow
osv·2023-12-15
CVE-2023-6831 [CRITICAL] Path traversal in MLflow
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
OSV
CVE-2023-6831: Path Traversal: '\
osv·2023-12-15
CVE-2023-6831 CVE-2023-6831: Path Traversal: '\
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
No detection rules found.
Nuclei
mlflow - Path Traversal
nuclei·CVSS 8.1
CVE-2023-6831 [HIGH] mlflow - Path Traversal
mlflow - Path Traversal
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Template:
```yaml
id: CVE-2023-6831

info:
  name: mlflow - Path Traversal
  author: byObin
  severity: high
  description: |
    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
  impact: |
    Authenticated attackers can exploit path traversal vulnerabilities to delete arbitrary files on mlflow servers through crafted API requests.
  remediation: |
    Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6831
    - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
    - https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:
```
Published: 2023-12-15