CVE-2024-3848
Published 2024-05-16
Priority P2 · 70 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 43.28% (98.6th percentile)
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 2.12.1 | 2.12.1 |
| lfprojects | mlflow | < f8d51e21523238280ebcfdb378612afd7844eca8 | f8d51e21523238280ebcfdb378612afd7844eca8 |
| lfprojects | mlflow | >= 0 < f8d51e21523238280ebcfdb378612afd7844eca8 | f8d51e21523238280ebcfdb378612afd7844eca8 |
| lfprojects | mlflow | >= 0 < 2.12.1 | 2.12.1 |
| lfprojects | mlflow | >= 2.9.2 < 2.12.1 | 2.12.1 |
Detection & IOCs (extracted from sources)
- Detect path traversal attempts in MLflow artifact_location field using a '#' character followed by directory traversal sequences (../../) to bypass URL validation.
- Monitor POST requests to /ajax-api/2.0/mlflow/experiments/create with artifact_location values containing 'http://host#/' patterns combined with path traversal sequences.
- Alert on GET requests to /model-versions/get-artifact with path=passwd, which indicates an attempt to read /etc/passwd via path traversal.
- Detect responses containing 'root:.*:0:0:' regex pattern in body combined with 'filename=passwd' and 'application/octet-stream' in headers, indicating successful /etc/passwd exfiltration.
- Monitor POST requests to /ajax-api/2.0/mlflow/model-versions/create with source field set to 'file:///etc/' or similar local filesystem paths, indicating exploitation of the model-version source path traversal vector.
- Use Shodan/FOFA queries to identify exposed MLflow instances as potential targets: http.title:"mlflow", title="mlflow", app="mlflow".
- This CVE (2024-3848) is a bypass of the previously patched CVE-2023-6909; systems patched only for CVE-2023-6909 remain vulnerable if not upgraded to 2.12.1 or later.
- The vulnerability is unauthenticated (PR:N) and network-exploitable (AV:N) with no user interaction required, making it trivially exploitable against any exposed MLflow instance.
- The exploit chain requires multiple sequential API calls (experiment create → run create → artifact upload → model-version create → get-artifact), so single-request detections will miss the full attack pattern.
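The checks listed above can be combined into one per-client correlation, so that a suspicious create request is only alerted on when a get-artifact request follows it. This is an added example, not code from MLflow or from the sources quoted on this page; the record fields (`client`, `method`, `url`, `body`), the signal names and the sample records are assumptions constructed for illustration. It parses `artifact_location` the way a URL parser does, which shows why a path placed after '#' lands in the fragment and is missed by validation that only looks at the scheme and path.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")

def check_location(value):
    """artifact_location: a path or traversal hidden in the URL fragment."""
    fragment = unquote(urlsplit(value).fragment)
    hit = fragment.startswith("/") or TRAVERSAL.search(fragment)
    return "path-in-fragment" if hit else None

def check_source(value):
    """Model-version source: file:// URL or bare local path."""
    local = urlsplit(value).scheme == "file" or value.startswith("/")
    return "local-file-source" if local else None

def classify(rec):
    """Map one request record to a signal name; unremarkable ones give None."""
    path, body = urlsplit(rec["url"]).path, rec.get("body") or {}
    if rec["method"] == "POST" and path.endswith("/mlflow/experiments/create"):
        return check_location(body.get("artifact_location", ""))
    if rec["method"] == "POST" and path.endswith("/mlflow/model-versions/create"):
        return check_source(body.get("source", ""))
    if rec["method"] == "GET" and path.endswith("/model-versions/get-artifact"):
        return "get-artifact"

def correlate(records):
    """Alert per client when a suspicious create precedes a get-artifact."""
    seen = defaultdict(list)
    for rec in records:
        signal = classify(rec)
        if signal:
            seen[rec["client"]].append(signal)
    alerts = {}
    for client, signals in seen.items():
        creates = [i for i, s in enumerate(signals) if s != "get-artifact"]
        if creates and "get-artifact" in signals[creates[0]:]:
            alerts[client] = signals
    return alerts

# Constructed records in time order; the field names are an assumed log schema.
API = "/ajax-api/2.0/mlflow/"
SAMPLE = [dict(zip(("client", "method", "url", "body"), r)) for r in [
    ("192.0.2.10", "POST", API + "experiments/create", {"artifact_location": "http://host#/../../x"}),
    ("192.0.2.10", "POST", API + "model-versions/create", {"source": "file:///etc/"}),
    ("192.0.2.10", "GET", "/model-versions/get-artifact?path=passwd", None),
    ("198.51.100.7", "POST", API + "experiments/create", {"artifact_location": "s3://bucket/exp/1"}),
    ("198.51.100.7", "GET", "/model-versions/get-artifact?path=model.pkl", None),
]]
```

`correlate(SAMPLE)` flags only the first client; the second client's get-artifact request is ignored because no suspicious create preceded it.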
CVSS provenance
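| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| ghsa | | 7.5 | HIGH | |
| osv | | 7.5 | HIGH | |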
GHSA
MLflow has a Local File Read/Path Traversal bypass
ghsa·2024-05-16·CVSS 7.5
CVE-2024-3848 [HIGH] CWE-22 MLflow has a Local File Read/Path Traversal bypass
OSV
CVE-2024-3848: A path traversal vulnerability exists in mlflow/mlflow version 2
osv·2024-05-16·CVSS 7.5
CVE-2024-3848 [HIGH] CVE-2024-3848: A path traversal vulnerability exists in mlflow/mlflow version 2
OSV
MLflow has a Local File Read/Path Traversal bypass
osv·2024-05-16·CVSS 7.5
CVE-2024-3848 [HIGH] MLflow has a Local File Read/Path Traversal bypass
No detection rules found.
Nuclei
Mlflow < 2.11.0 - Path Traversal
nuclei·CVSS 7.5
CVE-2024-3848 [HIGH] Mlflow < 2.11.0 - Path Traversal