Mlflow
CVE-2024-1560
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 10 pypi packages depend on mlflow (10 direct, 0 indirect)
Ecosystem-wide dependent count for version 2.9.2.
DescriptionNVD
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the delete_artifacts function of local_artifact_repo.py, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.
AnalysisAI
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the delete_artifacts function of local_artifact_repo.py, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831. Affected products include: Lfprojects Mlflow. Version information: version 2.9.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. Rated high severity (CVSS 7.5), this vulnerabilit
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. Rated critical severity (CVSS 10.0), this vul
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it cou
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. Rated critical s
An attacker can overwrite any file on the server hosting MLflow without any authentication. Rated critical severity (CVS
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. Rated critical severity (CVSS 9.8), th
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. Rated critical severity (CVSS 9.8), th
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. Rated critical se
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. Rated critical severity (CVSS 9.6), t
mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of specia
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today