CVE-2023-6909
published 2023-12-18

CVE-2023-6909: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

Priority P1 (83) · Severity high · CVSS 3.1 base score 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
ITW exploit · VulnCheck KEV · Exploited in the wild
EPSS: 89.72% (99.8th percentile)

Affected (11 ranges)

Vendor       Product         Version range                                          Fixed in
lfprojects   mlflow          < 2.9.2                                                2.9.2
lfprojects   mlflow          < 2.12.1                                               2.12.1
lfprojects   mlflow          < 2.11.3                                               2.11.3
lfprojects   mlflow          < f8d51e21523238280ebcfdb378612afd7844eca8 (commit)    f8d51e21523238280ebcfdb378612afd7844eca8
lfprojects   mlflow          >= 0, < f8d51e21523238280ebcfdb378612afd7844eca8       f8d51e21523238280ebcfdb378612afd7844eca8
lfprojects   mlflow          >= 0, < 2.12.1                                         2.12.1
lfprojects   mlflow          >= 0, < 2.9.2                                          2.9.2
lfprojects   mlflow          >= 0, < 1da75dfcecd4d169e34809ade55748384e8af6c1       1da75dfcecd4d169e34809ade55748384e8af6c1
lfprojects   mlflow          0 – 2.9.2                                              (not given)
lfprojects   mlflow          >= 2.9.2, < 2.12.1                                     2.12.1
mlflow       mlflow_mlflow   >= unspecified, < 2.12.1                               2.12.1

Detection & IOCs (extracted from sources)

url:        GET /model-versions/get-artifact?path=passwd&name={{randstr}}&version=1 HTTP/1.1
path:       http:///?/../../../../../../../../../../../../../../etc/
path:       file:///etc/
yara regex: root:.*:0:0:
  • Exploit creates an experiment with a malicious artifact_location using path traversal sequences (e.g., /../../../) pointing to /etc/ to later read arbitrary files like /etc/passwd.
  • Exploit registers a model version with source set to file:///etc/ and then retrieves /etc/passwd via the get-artifact endpoint with path=passwd.
  • Successful exploitation is confirmed by the response body matching root:.*:0:0: (contents of /etc/passwd) and response headers containing filename=passwd and application/octet-stream.
  • Monitor for POST requests to /ajax-api/2.0/mlflow/experiments/create containing artifact_location values with path traversal sequences (../../) or file:// URI schemes.
  • Monitor for GET requests to /model-versions/get-artifact with path parameter values referencing sensitive system files (e.g., path=passwd).
  • Shodan/FOFA fingerprint for exposed MLflow instances: search for http.title:"mlflow", title="mlflow", or app="mlflow".
  • CVE-2023-6909 was subsequently bypassed in mlflow versions up to 2.11.0 (tracked as CVE-2024-3848) using a '#' character in the artifact URL fragment to skip validation. Detection rules should also cover the bypass variant.
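As an added defensive example (not from this record or the MLflow project), the two monitoring rules above applied to constructed request records, with URL decoding so that encoded traversal is not missed; the sensitive-file watch-list is an assumption:

```python
import json
import re
from urllib.parse import parse_qs, unquote, urlsplit
# Constructed sample request records (not taken from the record page):
# (method, request-target, body). Bodies are only present for POSTs.
SAMPLE_REQUESTS = [
    ("GET", "/model-versions/get-artifact?path=model.pkl&name=demo&version=1", ""),
    ("GET", "/model-versions/get-artifact?path=passwd&name=demo&version=1", ""),
    ("GET", "/model-versions/get-artifact?path=..%252F..%252Fetc%252Fpasswd&name=demo&version=1", ""),
    ("POST", "/ajax-api/2.0/mlflow/experiments/create", '{"name": "ok", "artifact_location": "s3://bucket/experiments/1"}'),
    ("POST", "/ajax-api/2.0/mlflow/experiments/create", '{"name": "bad", "artifact_location": "http:///?/../../../../../../etc/"}'),
    ("POST", "/ajax-api/2.0/mlflow/experiments/create", '{"name": "bad2", "artifact_location": "file:///etc/"}'),
]

SENSITIVE_FILES = {"passwd", "shadow", "group", "hosts"}  # assumed watch-list of basenames
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")          # a "../" or "..\" segment
FILE_SCHEME = re.compile(r"^file:", re.IGNORECASE)

def check_get_artifact(target):
    """Rule: GET /model-versions/get-artifact whose path names a sensitive file or traverses."""
    parts = urlsplit(target)
    if not parts.path.endswith("/model-versions/get-artifact"):
        return None
    for raw in parse_qs(parts.query).get("path", []):
        path = unquote(raw)  # parse_qs decoded once; decode again to catch double encoding
        basename = path.replace("\\", "/").rsplit("/", 1)[-1]
        if TRAVERSAL.search(path) or basename in SENSITIVE_FILES:
            return f"get-artifact path={path!r}"
    return None

def check_experiment_create(target, body):
    """Rule: POST .../experiments/create with a traversing or file:// artifact_location."""
    if not urlsplit(target).path.endswith("/experiments/create"):
        return None
    try:
        loc = json.loads(body).get("artifact_location", "")
    except (ValueError, AttributeError):
        return None  # not a JSON object: nothing to inspect
    if isinstance(loc, str) and (TRAVERSAL.search(loc) or FILE_SCHEME.match(loc)):
        return f"experiments/create artifact_location={loc!r}"
    return None

def scan(requests):
    """Apply the rule matching each request's method; one finding string per hit."""
    hits = [check_get_artifact(t) if m == "GET" else check_experiment_create(t, b)
            for m, t, b in requests]
    return [h for h in hits if h]
```

The record also notes a later fragment-based bypass (CVE-2024-3848), so a production rule should inspect the full artifact_location including anything after '#'.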

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      7.5     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd         v3.0      7.5     HIGH       CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa                  7.5     HIGH
osv                   7.5     HIGH
vulncheck             7.5     HIGH