CVE-2024-1594 Local File Read via Path Traversal in mlflow/mlflow

2024-04-1600:00:14

CWE-22

@huntr_ai

github.com

path traversal mlflow artifactsuri server process arbitraryfilescve-2024-1594

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.3%

JSON

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component # in the artifact location URI to read arbitrary files on the server in the context of the server’s process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.

CNA Affected

[
  {
    "vendor": "mlflow",
    "product": "mlflow/mlflow",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]