Path traversal vulnerability in mlflow repository
CVE-2024-1560

8.1HIGH

Key Information:

Vendor: Mlflow
Status: Mlflow/mlflow
Vendor: CVE Published:; 16 April 2024

What is CVE-2024-1560?

A significant path traversal vulnerability has been identified in the MLflow repository, specifically impacting the artifact deletion functionality. This flaw permits malicious actors to exploit the double decoding mechanism exploited within the _delete_artifact_mlflow_artifacts handler and the local_file_uri_to_path function. As a result, attackers can bypass standard path validation and delete arbitrary directories from the server's filesystem. The issue arises from an improper sanitization of user-supplied paths, linked to an extra unquote operation within the delete_artifacts function of local_artifact_repo.py. This vulnerability affects all versions up to 2.9.2, despite previous attempts to remediate a similar issue outlined in CVE-2023-6831.

Affected Version(s)

mlflow/mlflow <= unspecified

References

https://huntr.com/bounties/4a34259c-3c8f-4872-b178-f27fbc...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2024
Vulnerability Reserved
Feb 15, 2024

Mlflow

What is CVE-2024-1560?

Affected Version(s)

References

CVSS V3.1

Timeline