CVE-2024-3848
published 2024-05-16


Priority: P2 (70, high)
CVSS 3.1 base score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit: public exploit flagged (EXPLOIT)
EPSS: 43.28% (98.6th percentile)
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.

Affected (5 ranges)

Vendor      Product   Version range                                            Fixed in
lfprojects  mlflow    < 2.12.1                                                 2.12.1
lfprojects  mlflow    < f8d51e21523238280ebcfdb378612afd7844eca8               f8d51e21523238280ebcfdb378612afd7844eca8
lfprojects  mlflow    >= 0, < f8d51e21523238280ebcfdb378612afd7844eca8         f8d51e21523238280ebcfdb378612afd7844eca8
lfprojects  mlflow    >= 0, < 2.12.1                                           2.12.1
lfprojects  mlflow    >= 2.9.2, < 2.12.1                                       2.12.1

Detection & IOCs (extracted from sources)

url:  /ajax-api/2.0/mlflow/upload-artifact?run_uuid={{RUN_ID}}&path=a?/a
url:  /model-versions/get-artifact?path=passwd&name={{randstr}}&version=1
path: http://host#/../../../../../../../../../../../../../../etc/
path: file:///etc/

  • Detect path traversal attempts in the MLflow artifact_location field using a '#' character followed by directory traversal sequences (../../) to bypass URL validation.
  • Monitor POST requests to /ajax-api/2.0/mlflow/experiments/create with artifact_location values containing 'http://host#/' patterns combined with path traversal sequences.
  • Alert on GET requests to /model-versions/get-artifact with path=passwd, which indicates an attempt to read /etc/passwd via path traversal.
  • Detect responses whose body matches the regex 'root:.*:0:0:' combined with 'filename=passwd' and 'application/octet-stream' in the headers, indicating successful /etc/passwd exfiltration.
  • Monitor POST requests to /ajax-api/2.0/mlflow/model-versions/create with the source field set to 'file:///etc/' or similar local filesystem paths, indicating exploitation of the model-version source path traversal vector.
  • Use Shodan/FOFA queries to identify exposed MLflow instances as potential targets: http.title:"mlflow", title="mlflow", app="mlflow".
  • This CVE (2024-3848) is a bypass of the previously patched CVE-2023-6909; systems patched only for CVE-2023-6909 remain vulnerable if not upgraded to 2.12.1 or later.
  • The vulnerability is unauthenticated (PR:N) and network-exploitable (AV:N) with no user interaction required, making it trivially exploitable against any exposed MLflow instance.
  • The exploit chain requires multiple sequential API calls (experiment create → run create → artifact upload → model-version create → get-artifact), so single-request detections will miss the full attack pattern.
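The detection logic described in the bullets above, as an added example that is not part of this record or of the MLflow project: it checks the '#' fragment of an artifact URL for traversal sequences (the bypass the description explains) and runs the indicator checks over a few constructed request-log lines. The log format and field names are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample request log lines (not real traffic), modelled on the
# indicators listed in this record. The "METHOD path body=..." format is assumed.
SAMPLE_LOG = """\
POST /ajax-api/2.0/mlflow/experiments/create body={"name":"exp1","artifact_location":"http://host#/../../../../../../etc/"}
POST /ajax-api/2.0/mlflow/experiments/create body={"name":"exp2","artifact_location":"s3://bucket/prefix"}
GET /model-versions/get-artifact?path=passwd&name=mv1&version=1
POST /ajax-api/2.0/mlflow/model-versions/create body={"name":"mv2","source":"file:///etc/"}
GET /model-versions/get-artifact?path=model.pkl&name=mv3&version=2
"""

# A ".." path segment delimited by slashes (or at the start/end of the string).
TRAVERSAL = re.compile(r"(?:^|[/\\])\.\.(?:[/\\]|$)")


def fragment_traversal(url: str) -> bool:
    """True if the URL carries a traversal sequence in its '#' fragment.

    Scheme checks see only 'http://host'; the fragment is where this CVE
    hides the real path, so it must be inspected (or rejected) explicitly.
    """
    parts = urlsplit(url)
    return bool(parts.fragment) and TRAVERSAL.search(unquote(parts.fragment)) is not None


def is_local_source(url: str) -> bool:
    """True for model-version sources that point at the local filesystem."""
    return urlsplit(url).scheme == "file"


def detect(log_text: str) -> list[tuple[int, str]]:
    """Return (line_number, reason) for each log line matching an indicator."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if "/experiments/create" in line:
            m = re.search(r'"artifact_location":"([^"]*)"', line)
            if m and fragment_traversal(m.group(1)):
                hits.append((n, "artifact_location with traversal in URL fragment"))
        elif "/model-versions/create" in line:
            m = re.search(r'"source":"([^"]*)"', line)
            if m and is_local_source(m.group(1)):
                hits.append((n, "model-version source points at local filesystem"))
        elif "/model-versions/get-artifact" in line:
            m = re.search(r"[?&]path=([^&\s]*)", line)
            if m and (unquote(m.group(1)) == "passwd" or TRAVERSAL.search(unquote(m.group(1)))):
                hits.append((n, "get-artifact path requests a sensitive file"))
    return hits
```

Running `detect(SAMPLE_LOG)` flags lines 1, 3 and 4; as the last bullet notes, correlating these per source across the full call chain is what separates a probe from a completed read.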

CVSS provenance

nvd  (v3.1)  7.5  HIGH  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd  (v3.0)  7.5  HIGH  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa         7.5  HIGH
osv          7.5  HIGH