High Severity

mlflow

Path Traversal via Local URI Fragment

A path traversal vulnerability was identified in MLflow version 2.9.2. An attacker supplies a local URI in which the traversal sequence follows a '#' fragment delimiter instead of the '?' query delimiter used in a previously reported issue; the effect is the same directory traversal as that earlier report, reached through a different vector. The affected version is 2.9.2, and the report does not give details of the patch.

Available publicly on Apr 16 2024

CVSS score: 7.5

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit: haxatron

Threat Overview

The attacker triggers the vulnerability by substituting '#' for '?' in a local URI passed to MLflow, so that a traversal sequence placed after the fragment delimiter is not caught by MLflow's handling of local URIs. This lets the attacker walk the directory structure of the host running the MLflow server and read sensitive files. The CVSS vector (C:H/I:N/A:N) rates the impact as confidentiality only: the report describes information disclosure, not modification of files or denial of service.

Attack Scenario

The attacker sends a series of crafted POST requests to the MLflow server's REST API, supplying an artifact location as a local URI in which a '#' fragment carries the traversal sequence. Because the text after '#' is treated as a URI fragment rather than as part of the path, the server does not reject it, and the resulting path resolves upward to the filesystem root ('/') and then down into a sensitive directory such as '/etc/', from which the attacker can read files.
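The check/use mismatch that the overview and the scenario describe, as an added Python illustration. This is not MLflow's code and not the fix shipped for this issue (the report does not describe the patch); ARTIFACT_ROOT and every function name are assumptions made for the illustration. It pairs a validator that inspects only urlparse(uri).path with a consumer that turns the raw URI string into a filesystem path, shows that both the '?' vector from the earlier report and the '#' vector from this one slip past the validator while a plain '../' payload does not, and contrasts a hardened validator.

```python
"""Illustration (not MLflow's code) of the '?' / '#' path-traversal bypass.

urllib.parse treats '?' and '#' as delimiters: everything after them lands in
.query or .fragment, never in .path. A validator that looks only at .path is
therefore blind to a traversal sequence placed after either delimiter, while a
consumer that strips the scheme and uses the rest of the string as a path will
happily normalize '..' components away and escape the artifact root.
"""
import posixpath
from urllib.parse import unquote, urlparse

# Assumed artifact root for the illustration.
ARTIFACT_ROOT = "/srv/mlflow/artifacts"


def _inside_root(path: str, root: str = ARTIFACT_ROOT) -> bool:
    """True if the normalized path is the root itself or a descendant of it."""
    norm = posixpath.normpath(path)
    return norm == root or norm.startswith(root.rstrip("/") + "/")


def vulnerable_is_allowed(uri: str) -> bool:
    """Vulnerable validator: checks only the parsed path component.

    For 'file:///srv/mlflow/artifacts/x#/../../../../etc/passwd' the parsed
    path is '/srv/mlflow/artifacts/x'; the traversal sits in .fragment and is
    never examined. The same holds with '?' (the earlier, query-based vector).
    A plain 'file:///srv/mlflow/artifacts/../../../etc/passwd' IS rejected,
    because normpath() collapses it before the root check.
    """
    return _inside_root(urlparse(uri).path)


def vulnerable_to_local_path(uri: str) -> str:
    """Naive consumer: strips 'file://' and uses the remainder verbatim.

    This is the use side of the mismatch: the '#...' or '?...' tail that the
    validator ignored becomes part of the filesystem path, and normpath()
    resolves the '..' components up to '/' and back down into /etc.
    """
    raw = uri[len("file://"):] if uri.startswith("file://") else uri
    return posixpath.normpath(unquote(raw))


def hardened_is_allowed(uri: str) -> bool:
    """Hardened validator (generic hardening, not MLflow's actual fix).

    Refuse any query or fragment outright (including a literal '?' or '#'
    anywhere in the string), refuse non-local schemes and a host part, and
    check the path that will actually be used: percent-decoded and normalized,
    so '%23' cannot smuggle a '#' past the delimiter check either.
    """
    parsed = urlparse(uri)
    if parsed.scheme not in ("", "file"):
        return False
    if parsed.netloc:  # file://host/... is not a local path
        return False
    if parsed.query or parsed.fragment or "?" in uri or "#" in uri:
        return False
    return _inside_root(unquote(parsed.path))


if __name__ == "__main__":
    # Constructed sample URIs: the two bypass vectors, a plain traversal and
    # a legitimate artifact path.
    for sample in (
        "file:///srv/mlflow/artifacts/x#/../../../../etc/passwd",
        "file:///srv/mlflow/artifacts/x?/../../../../etc/passwd",
        "file:///srv/mlflow/artifacts/../../../etc/passwd",
        "file:///srv/mlflow/artifacts/run1/model.pkl",
    ):
        print(
            f"{sample}\n  vulnerable check: {vulnerable_is_allowed(sample)}"
            f"  resolves to: {vulnerable_to_local_path(sample)}"
            f"  hardened check: {hardened_is_allowed(sample)}"
        )
```

The hardened check rejects '?' and '#' rather than trying to strip them, because a local artifact path has no legitimate use for either, and it validates the decoded, normalized string the consumer will actually open; validating anything else reintroduces the mismatch.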

Who is affected

Users and organizations running MLflow version 2.9.2 for machine-learning lifecycle management are affected. The risk is greatest where the MLflow server is reachable from untrusted networks: the CVSS vector (AV:N/PR:N/UI:N) indicates the attack needs neither credentials nor user interaction, so any file readable by the MLflow server process is exposed to a remote attacker.
