CVE-2024-1560
published 2024-04-16CVE-2024-1560: A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path…
PriorityP350high8.1CVSS 3.1
AVNACLPRLUINSUCNIHAH
EPSS
0.86%
53.8th percentile
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | <= 2.9.2 | — |
| lfprojects | mlflow | 0 – 2.9.2 | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
ghsa8.1HIGH
osv8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
mlflow vulnerable to Path Traversal
osv·2024-04-16·CVSS 8.1
CVE-2024-1560 [HIGH] mlflow vulnerable to Path Traversal
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.
GHSA
mlflow vulnerable to Path Traversal
ghsa·2024-04-16·CVSS 8.1
CVE-2024-1560 [HIGH] CWE-22 mlflow vulnerable to Path Traversal
mlflow vulnerable to Path Traversal
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.
No detection rules found.
No public exploits indexed.
2024-04-16
Published