CVE-2024-2928
published 2024-06-06


Priority: P2 · 67 · Severity: high · CVSS 3.1 base score: 7.5
CVSS metrics: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Flags: EXPLOIT
EPSS: 21.85% (97.3rd percentile)
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.
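The fix the description calls for is to inspect every part of a URI, not just the query string. The following Python example is added here for illustration; it is not MLflow's code, and the function names are hypothetical. It splits a URI into its components with urllib.parse, flags a '..' segment in any of them after percent-decoding, and contrasts that with a query-only check that models the incomplete earlier patch described above and is bypassed by the fragment payload listed under Detection & IOCs.

```python
import re
from urllib.parse import urlsplit, unquote

# Segment separators: path separators plus the delimiters found inside query
# strings (key=value&key=value), so "path=../etc" splits into "path", "..", "etc".
_SEPARATORS = re.compile(r"[/\\=&?#]")


def _has_traversal(component: str) -> bool:
    """True if any segment of the component is '..' after two rounds of
    percent-decoding (catches %2e%2e as well as double-encoded %252e%252e)."""
    decoded = unquote(unquote(component or ""))
    return any(seg == ".." for seg in _SEPARATORS.split(decoded))


def find_traversal(uri: str) -> list:
    """Return the names of the URI components that carry a '..' segment.
    An empty list means the URI passed. Hypothetical helper, not MLflow's."""
    parts = urlsplit(uri)
    components = {
        "netloc": parts.netloc,
        "path": parts.path,
        "query": parts.query,
        "fragment": parts.fragment,
    }
    return [name for name, value in components.items() if _has_traversal(value)]


def validate_uri(uri: str) -> bool:
    """Comprehensive check: accept the URI only if no component contains traversal."""
    return not find_traversal(uri)


def query_only_check(uri: str) -> bool:
    """Models the incomplete earlier fix described in the advisory: only the query
    string is inspected, so a payload placed in the fragment is accepted."""
    return not _has_traversal(urlsplit(uri).query)


if __name__ == "__main__":
    # The fragment payload listed on this page, a query-string variant, and a benign URI.
    samples = [
        "http:////#/../../../../../../../../../../../../../../etc/",
        "http://host/get-artifact?path=../../etc/passwd",
        "s3://bucket/mlruns/1/artifacts",
    ]
    for uri in samples:
        print(uri)
        print("  query-only check accepts:", query_only_check(uri))
        print("  full check accepts:      ", validate_uri(uri), find_traversal(uri))
```

The check works on segments rather than on the substring '../', so a file named '..data' is not rejected, while '%2e%2e' and backslash-separated variants are. Running the block shows the fragment payload passing the query-only check and failing the full one.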

Affected

5 ranges
Vendor     | Product       | Version range                                      | Fixed in
lfprojects | mlflow        | < 2.11.3                                           | 2.11.3
lfprojects | mlflow        | < 96f0b573a73d8eedd6735a2ce26e08859527be07         | 96f0b573a73d8eedd6735a2ce26e08859527be07
lfprojects | mlflow        | >= 0, < 2.11.3                                     | 2.11.3
lfprojects | mlflow        | >= 0, < 96f0b573a73d8eedd6735a2ce26e08859527be07   | 96f0b573a73d8eedd6735a2ce26e08859527be07
mlflow     | mlflow_mlflow | >= unspecified, < 2.11.3                           | 2.11.3

Detection & IOCs (extracted from sources)

url:  /ajax-api/2.0/mlflow/experiments/create
url:  /api/2.0/mlflow/runs/create
url:  /ajax-api/2.0/mlflow/registered-models/create
url:  /ajax-api/2.0/mlflow/model-versions/create
url:  /model-versions/get-artifact?path=passwd&name={{randstr}}&version=1
path: http:////#/../../../../../../../../../../../../../../etc/
path: file:///etc/
  • Detect exploitation attempts by monitoring POST requests to /ajax-api/2.0/mlflow/experiments/create with a URI fragment containing directory traversal sequences (e.g., '/../') in the artifact_location field.
  • Monitor GET requests to /model-versions/get-artifact with path=passwd as a strong indicator of active LFI exploitation targeting /etc/passwd.
  • Detect responses containing 'filename=passwd' and 'application/octet-stream' headers from the MLflow artifact endpoint, indicating successful file read.
  • Flag POST requests to /ajax-api/2.0/mlflow/model-versions/create where the 'source' field contains a file:// URI pointing to sensitive system paths.
  • Use Shodan/FOFA queries to identify exposed MLflow instances as potential targets: Shodan 'http.title:"mlflow"', FOFA 'title="mlflow"' or 'app="mlflow"'.
  • The exploit requires a multi-step chain: create an experiment with a traversal artifact_location, create a run under that experiment, create a registered model, create a model version with source=file:///etc/, then fetch the artifact. All five steps must succeed for exploitation.
  • Affected versions are MLflow < 2.11.3; specifically identified in version 2.9.2. The fix was introduced in version 2.11.3.
  • The traversal payload is embedded in the URI fragment (after '#'), not the query string; detection rules targeting only query string traversal sequences will miss this attack vector.
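The bullets above give single-request indicators plus a five-step chain. The following Python example is added here and is not from the page's sources or from MLflow. It runs those rules over a handful of constructed JSON-lines request records, assuming a hypothetical application log that captures timestamp, source address, method, URI and the parsed JSON body, and it correlates the steps per source address so that a completed chain within a time window is reported separately from the strong single-request hits. As a small extension beyond the bullets, the get-artifact rule also flags a traversal sequence in the path parameter rather than only the literal value passwd.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample records in a hypothetical JSON-lines request log (not an MLflow
# log format). 198.51.100.7 replays the five-step sequence described in the advisory;
# 10.0.0.5 performs ordinary experiment and artifact operations.
SAMPLE_LOG = """
{"ts": "2024-06-06T10:00:01Z", "src": "10.0.0.5", "method": "POST", "uri": "/ajax-api/2.0/mlflow/experiments/create", "body": {"name": "baseline", "artifact_location": "s3://ml-bucket/mlruns/baseline"}}
{"ts": "2024-06-06T10:05:00Z", "src": "198.51.100.7", "method": "POST", "uri": "/ajax-api/2.0/mlflow/experiments/create", "body": {"name": "x1", "artifact_location": "http:////#/../../../../../../../../../../../../../../etc/"}}
{"ts": "2024-06-06T10:05:02Z", "src": "198.51.100.7", "method": "POST", "uri": "/api/2.0/mlflow/runs/create", "body": {"experiment_id": "7"}}
{"ts": "2024-06-06T10:05:03Z", "src": "198.51.100.7", "method": "POST", "uri": "/ajax-api/2.0/mlflow/registered-models/create", "body": {"name": "m1"}}
{"ts": "2024-06-06T10:05:04Z", "src": "198.51.100.7", "method": "POST", "uri": "/ajax-api/2.0/mlflow/model-versions/create", "body": {"name": "m1", "source": "file:///etc/"}}
{"ts": "2024-06-06T10:05:05Z", "src": "198.51.100.7", "method": "GET", "uri": "/model-versions/get-artifact?path=passwd&name=m1&version=1", "body": null}
{"ts": "2024-06-06T10:07:00Z", "src": "10.0.0.5", "method": "GET", "uri": "/model-versions/get-artifact?path=model.pkl&name=baseline&version=3", "body": null}
"""

# A '..' path segment anywhere in the decoded value, fragment included.
_TRAVERSAL = re.compile(r"(?:^|/)\.\.(?:/|$)")

CHAIN = ["experiment_traversal", "run_create", "model_create", "version_file_source", "artifact_fetch"]
STRONG = {"experiment_traversal", "version_file_source", "artifact_fetch"}  # alert-worthy on their own


def has_traversal(value: Optional[str]) -> bool:
    """Traversal segment after two rounds of percent-decoding, backslashes normalised."""
    decoded = unquote(unquote(value or "")).replace("\\", "/")
    return _TRAVERSAL.search(decoded) is not None


def classify(rec: dict) -> Optional[str]:
    """Map one request record to a chain step, or None if no rule matches."""
    method = (rec.get("method") or "").upper()
    parts = urlsplit(rec.get("uri") or "")
    path = parts.path
    body = rec.get("body") or {}
    if method == "POST" and path.endswith("/mlflow/experiments/create"):
        return "experiment_traversal" if has_traversal(body.get("artifact_location")) else None
    if method == "POST" and path.endswith("/mlflow/runs/create"):
        return "run_create"
    if method == "POST" and path.endswith("/mlflow/registered-models/create"):
        return "model_create"
    if method == "POST" and path.endswith("/mlflow/model-versions/create"):
        source = (body.get("source") or "").lower()
        return "version_file_source" if source.startswith("file://") else None
    if method == "GET" and path.endswith("/model-versions/get-artifact"):
        requested = parse_qs(parts.query).get("path", [""])[0]
        return "artifact_fetch" if requested == "passwd" or has_traversal(requested) else None
    return None


def analyze(log_text: str, window: timedelta = timedelta(minutes=10)) -> dict:
    """Per source address: strong single-request hits, and whether every chain step
    was observed within `window`. Sources with neither are omitted."""
    first_seen = defaultdict(dict)   # src -> step -> first timestamp
    strong_hits = defaultdict(list)  # src -> [(ts, step), ...]
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        step = classify(rec)
        if step is None:
            continue
        ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        first_seen[rec["src"]].setdefault(step, ts)
        if step in STRONG:
            strong_hits[rec["src"]].append((rec["ts"], step))
    findings = {}
    for src, steps in first_seen.items():
        complete = all(s in steps for s in CHAIN)
        if not (complete or strong_hits.get(src)):
            continue
        span = max(steps.values()) - min(steps.values()) if complete else None
        findings[src] = {
            "strong_hits": strong_hits.get(src, []),
            "full_chain": bool(complete and span <= window),
        }
    return findings


if __name__ == "__main__":
    for src, result in analyze(SAMPLE_LOG).items():
        print(src, json.dumps(result))
```

Two of the rules depend on the request body: the traversal sits in the JSON field artifact_location and the file:// value in source, neither of which a plain web-server access log records, so they need application-level or body-capturing logs. The GET to get-artifact with path=passwd is visible in ordinary access logs and is the cheapest indicator to deploy first.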

CVSS provenance

Source | Version | Score | Severity | Vector
nvd    | v3.1    | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd    | v3.0    | 7.5   | HIGH     | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N