BIT-mlflow-2024-1558
Path Traversal vulnerability in mlflow (PyPI)

Path Traversal No known exploit

What is BIT-mlflow-2024-1558 About?

This vulnerability is a path traversal flaw in MLflow's `_create_model_version()` function due to insufficient validation of the `source` parameter. Attackers can craft a `source` parameter to bypass checks, leading to arbitrary file read access on the server. Exploiting this could expose sensitive information, making it a significant risk with medium exploitation complexity.

Affected Software

mlflow <2.12.1

Technical Details

The vulnerability exists in the _create_model_version() function within server/handlers.py in the mlflow/mlflow repository. It stems from improper validation of the source parameter. The _validate_non_local_source_contains_relative_paths(source) function, intended to prevent path traversal, can be bypassed. Attackers can craft a source parameter that includes path traversal sequences, potentially leveraging unquoted URL characters or other encoding tricks. When the source value is subsequently used by the /model-versions/get-artifact handler, the misleadingly validated path is misinterpreted, allowing the attacker to read arbitrary files outside the intended directory structure on the server.

What is the Impact of BIT-mlflow-2024-1558?

Successful exploitation may allow attackers to read arbitrary files on the server, including sensitive configuration files, source code, or other confidential data.

What is the Exploitability of BIT-mlflow-2024-1558?

Exploitation involves crafting a malicious source parameter to the _create_model_version() function. The complexity is medium, as it requires bypassing existing path validation checks, possibly through creative URL encoding or understanding how unquoted URL characters are handled. No specific authentication beyond typical user access to the MLflow API is mentioned, nor are elevated privileges required. The attack is remote, as it targets a web application endpoint. Special conditions include the interaction between the _create_model_version() function and the /model-versions/get-artifact handler. The likelihood of exploitation increases if an attacker can freely manipulate the 'source' parameter during model version creation requests.

What are the Known Public Exploits?

PoC Author Link Commentary
No known exploits

What are the Available Fixes for BIT-mlflow-2024-1558?

Available Upgrade Options

  • mlflow
    • <2.12.1 → Upgrade to 2.12.1

Struggling with dependency upgrades?

See how Resolved Security's drop-in replacements make it simple.

Book a demo

Additional Resources

What are Similar Vulnerabilities to BIT-mlflow-2024-1558?

Similar Vulnerabilities: CVE-2023-4966 , CVE-2022-29007 , CVE-2021-41773 , CVE-2020-14930 , CVE-2019-17482

All Rights reserved 2025
Privacy Policy