Sightline

High

mlflow

Path Traversal Bypass in Artifact Retrieval

A vulnerability in mlflow version 2.11.0 allows for path traversal due to improper validation of artifact URLs. By appending a '#' to the URL, attackers can bypass security checks and read arbitrary files. This issue was patched in version 2.12.1.

Available publicly on Apr 26 2024 | Available with Premium on Apr 17 2024

CVE:

CVE-2024-3848

CWE:

29:Path Traversal: '\..\filename'

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit:

asimovl

Assess Detect

Available

Remediate

Remediation Steps

Update to mlflow version 2.12.1 or later.
Review and sanitize all user inputs, especially those that influence filesystem paths or URLs.
Implement additional server-side validation to ensure that URLs and paths do not contain unexpected characters or sequences that could lead to security vulnerabilities.
Regularly audit and monitor your application for unusual activity that could indicate an attempt to exploit this or similar vulnerabilities.

Patch Details

Fixed Version: 2.12.1
Patch Commit: https://github.com/mlflow/mlflow/commit/f8d51e21523238280ebcfdb378612afd7844eca8

Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 620- related security advisories that are available with Sightline Premium.