CVE-2023-6909
Published: 2023-12-18
CVE-2023-6909: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Priority: P183 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 89.72% (99.8th percentile)
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 2.9.2 | 2.9.2 |
| lfprojects | mlflow | < 2.12.1 | 2.12.1 |
| lfprojects | mlflow | < 2.11.3 | 2.11.3 |
| lfprojects | mlflow | < f8d51e21523238280ebcfdb378612afd7844eca8 | f8d51e21523238280ebcfdb378612afd7844eca8 |
| lfprojects | mlflow | >= 0 < f8d51e21523238280ebcfdb378612afd7844eca8 | f8d51e21523238280ebcfdb378612afd7844eca8 |
| lfprojects | mlflow | >= 0 < 2.12.1 | 2.12.1 |
| lfprojects | mlflow | >= 0 < 2.9.2 | 2.9.2 |
| lfprojects | mlflow | >= 0 < 1da75dfcecd4d169e34809ade55748384e8af6c1 | 1da75dfcecd4d169e34809ade55748384e8af6c1 |
| lfprojects | mlflow | 0 – 2.9.2 | — |
| lfprojects | mlflow | >= 2.9.2 < 2.12.1 | 2.12.1 |
| mlflow | mlflow_mlflow | >= unspecified < 2.12.1 | 2.12.1 |
Detection & IOCs (extracted from sources)
yara
regex: root:.*:0:0:
- Exploit creates an experiment with a malicious artifact_location using path traversal sequences (e.g., /../../../) pointing to /etc/ to later read arbitrary files like /etc/passwd.
- Exploit registers a model version with source set to file:///etc/ and then retrieves /etc/passwd via the get-artifact endpoint with path=passwd.
- Successful exploitation is confirmed by the response body matching root:.*:0:0: (contents of /etc/passwd) and response headers containing filename=passwd and application/octet-stream.
- Monitor for POST requests to /ajax-api/2.0/mlflow/experiments/create containing artifact_location values with path traversal sequences (../../) or file:// URI schemes.
- Monitor for GET requests to /model-versions/get-artifact with path parameter values referencing sensitive system files (e.g., path=passwd).
- Shodan/FOFA fingerprint for exposed MLflow instances: search for http.title:"mlflow", title="mlflow", or app="mlflow".
- CVE-2023-6909 was subsequently bypassed in mlflow versions up to 2.11.0 (tracked as CVE-2024-3848) using a '#' character in the artifact URL fragment to skip validation. Detection rules should also cover the bypass variant.
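A small detector for the two monitoring points above, including the '#' fragment variant, as an added example (not code from the advisory sources or the MLflow project). It assumes a proxy or WAF that logs request bodies as records with `method`, `url` and `body` fields; the `SENSITIVE_NAMES` watch-list and the sample records are constructed.

```python
import json
from urllib.parse import parse_qs, unquote, urlsplit

CREATE_PATH = "/ajax-api/2.0/mlflow/experiments/create"
GET_ARTIFACT = "/model-versions/get-artifact"
# Assumed watch-list; the page's own example is path=passwd.
SENSITIVE_NAMES = {"passwd", "shadow", "id_rsa", "credentials"}

def location_findings(location):
    """Reasons an artifact_location resembles the traversal or its '#' bypass."""
    decoded = unquote(location)  # also catches %2e%2e%2f-style encodings
    reasons = []
    if "../" in decoded or "..\\" in decoded:
        reasons.append("traversal-sequence")
    if decoded.lower().startswith("file:"):
        reasons.append("file-scheme")
    if "#" in decoded:
        reasons.append("uri-fragment")  # CVE-2024-3848 / CVE-2024-1594 variant
    return reasons

def inspect(record):
    """record: {'method', 'url', 'body'}; body is the raw JSON text or ''."""
    parts = urlsplit(record["url"])
    if record["method"] == "POST" and parts.path.endswith(CREATE_PATH):
        try:
            body = json.loads(record["body"] or "{}")
        except ValueError:
            return ["unparseable-body"]
        if not isinstance(body, dict):
            return ["unparseable-body"]
        return location_findings(str(body.get("artifact_location", "")))
    if record["method"] == "GET" and parts.path.endswith(GET_ARTIFACT):
        for value in parse_qs(parts.query).get("path", []):
            name = value.replace("\\", "/").rsplit("/", 1)[-1]
            if ".." in value or name in SENSITIVE_NAMES:
                return ["sensitive-artifact-path"]
    return []

# Constructed sample records, not captured traffic.
SAMPLES = [
    {"method": "POST", "url": CREATE_PATH, "body": '{"name": "a", "artifact_location": "/../../../etc/"}'},
    {"method": "POST", "url": CREATE_PATH, "body": '{"name": "b", "artifact_location": "s3://bucket.example/exp#part"}'},
    {"method": "POST", "url": CREATE_PATH, "body": '{"name": "c", "artifact_location": "s3://bucket.example/exp"}'},
    {"method": "GET", "url": "/model-versions/get-artifact?path=passwd&name=m&version=1", "body": ""},
]

def scan(records):
    """Return (index, findings) for every record that raised at least one finding."""
    return [(i, f) for i, r in enumerate(records) if (f := inspect(r))]
```

Deployments that legitimately use `file:` artifact stores will need an allow-list for the `file-scheme` finding before alerting on it.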
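CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| ghsa | | 7.5 | HIGH | |
| osv | | 7.5 | HIGH | |
| vulncheck | | 7.5 | HIGH | |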
GHSA
MLflow has a Local File Read/Path Traversal bypass
ghsa·2024-05-16·CVSS 7.5
CVE-2024-3848 [HIGH] CWE-22 MLflow has a Local File Read/Path Traversal bypass
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitra
OSV
CVE-2024-3848: A path traversal vulnerability exists in mlflow/mlflow version 2
osv·2024-05-16·CVSS 7.5
CVE-2024-3848 [HIGH] CVE-2024-3848: A path traversal vulnerability exists in mlflow/mlflow version 2
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.
OSV
MLflow has a Local File Read/Path Traversal bypass
osv·2024-05-16·CVSS 7.5
CVE-2024-3848 [HIGH] MLflow has a Local File Read/Path Traversal bypass
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitra
GHSA
mlflow vulnerable to Path Traversal
ghsa·2024-04-16·CVSS 7.5
CVE-2024-1594 [HIGH] CWE-22 mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.
OSV
mlflow vulnerable to Path Traversal
osv·2024-04-16·CVSS 7.5
CVE-2024-1594 [HIGH] mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.
GHSA
MLflow Path Traversal Vulnerability
ghsa·2023-12-20
CVE-2023-6909 [HIGH] CWE-29 MLflow Path Traversal Vulnerability
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
OSV
MLflow Path Traversal Vulnerability
osv·2023-12-20
CVE-2023-6909 [HIGH] MLflow Path Traversal Vulnerability
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
OSV
CVE-2023-6909: Path Traversal: '\
osv·2023-12-18
CVE-2023-6909 CVE-2023-6909: Path Traversal: '\
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
VulnCheck
lfprojects mlflow Path Traversal: '\..\filename'
vulncheck·2023·CVSS 7.5
CVE-2023-6909 [HIGH] lfprojects mlflow Path Traversal: '\..\filename'
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Affected: lfprojects mlflow
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-04-30&host_type=src&vulnerability=cve-2023-6909
No detection rules found.
Nuclei
Mlflow <2.9.2 - Path Traversal
nuclei·CVSS 7.5
CVE-2023-6909 [HIGH] Mlflow <2.9.2 - Path Traversal
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Template:
```yaml
id: CVE-2023-6909

info:
  name: Mlflow <2.9.2 - Path Traversal
  author: Hyunsoo-ds
  severity: high
  description: |
    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
  impact: |
    Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
  remediation: |
    To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
  reference:
    - https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6909
    - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
  classification:
    cvss-met
```
Nuclei
Mlflow < 2.11.0 - Path Traversal
nuclei·CVSS 7.5
CVE-2024-3848 [HIGH] Mlflow < 2.11.0 - Path Traversal
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read throu
Published: 2023-12-18
Exploited in the wild