CVE-2023-6977
Published 2023-12-20
CVE-2023-6977: This vulnerability enables malicious users to read sensitive files on the server.
Priority P3 · 55 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit likelihood (EPSS): 3.92% (89.0th percentile)
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | >= 0 < 2.9.2 | 2.9.2 |
| lfprojects | mlflow | >= 1.0.0 < 2.9.2 | 2.9.2 |
| mlflow | mlflow_mlflow | >= unspecified < 2.9.2 | 2.9.2 |
Detection & IOCs (extracted from sources)
- Exploitation involves a 3-step HTTP sequence: (1) create a registered model via POST to /ajax-api/2.0/mlflow/registered-models/create, (2) create a model version with source set to '//proc/self/root' via POST to /ajax-api/2.0/mlflow/model-versions/create, (3) retrieve the artifact via GET to /model-versions/get-artifact with path=etc%2Fpasswd to read /etc/passwd.
- Successful exploitation is confirmed by the presence of 'root:.*:0:0:' in the response body AND response headers containing both 'filename=passwd' and 'application/octet-stream', with HTTP status 200.
- Exposed MLflow instances can be discovered via Shodan (http.title:"mlflow"), FOFA (title="mlflow" or app="mlflow"), or Google (intitle:"mlflow") to identify potential targets.
- The path traversal payload uses double-slash prefix '//proc/self/root' as the model version source to anchor traversal to the filesystem root, bypassing path sanitization.
- The vulnerability affects MLflow versions before 2.8.0 only. The fix is available in version 2.9.2 or later.
- No authentication is required to exploit this vulnerability (PR:N, UI:N per CVSS vector), meaning any unauthenticated network attacker can trigger the LFI.
- This template is marked 'intrusive': running the detection probe creates actual registered models and model versions in the target MLflow instance as a side effect.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L |
GHSA (ghsa · 2023-12-20)
CVE-2023-6977 [HIGH] CWE-29 MLflow Local File Disclosure Vulnerability
This vulnerability enables malicious users to read sensitive files on the server.
OSV (osv · 2023-12-20)
CVE-2023-6977 [HIGH] MLflow Local File Disclosure Vulnerability
This vulnerability enables malicious users to read sensitive files on the server.
No detection rules found.
Nuclei (nuclei · CVSS 7.5)
CVE-2023-6977 [HIGH] Mlflow <2.8.0 - Local File Inclusion
Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
Template:

```yaml
id: CVE-2023-6977

info:
  name: Mlflow <2.8.0 - Local File Inclusion
  author: gy741
  severity: high
  description: |
    Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation could allow an attacker to read sensitive file
```
Published 2023-12-20