CVE-2023-6909
Path Traversal vulnerability in mlflow (PyPI)
What is CVE-2023-6909 About?
This Path Traversal vulnerability exists in the GitHub repository mlflow/mlflow prior to version 2.9.2. It allows attackers to access arbitrary files and directories by injecting path traversal sequences like `../filename`. The impact could range from information disclosure to potentially overwriting files depending on the context. Exploitation is straightforward if user input is directly used in file path operations.
Affected Software
- mlflow
- <1da75dfcecd4d169e34809ade55748384e8af6c1
- <2.9.2
Technical Details
The vulnerability involves a Path Traversal flaw in mlflow/mlflow versions prior to 2.9.2. This flaw allows an attacker to manipulate file paths by including ../ sequences in their input. When the application attempts to access or store files based on this user-controlled input, the ../ characters cause the path to resolve outside of the intended directory. This could enable an attacker to read, write, or delete arbitrary files on the system by crafting a payload that navigates to sensitive locations outside the designated file storage area.
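As an added example (not code from mlflow or from the advisory), the vulnerable join pattern described above is shown beside a hardened resolver that refuses `../` and `..\` escapes, absolute inputs and symlink hops out of the storage root; the storage root and file names are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would leave the storage root."""


def unsafe_join(storage_root: str, user_path: str) -> str:
    """The vulnerable pattern: user input is concatenated straight into a
    filesystem path, so '../secret' resolves outside storage_root and an
    absolute input replaces the root entirely."""
    return os.path.join(storage_root, user_path)


def safe_join(storage_root: str, user_path: str) -> Path:
    """Resolve user_path under storage_root and reject anything that escapes.

    Backslashes are normalised so '..\\' is caught on POSIX hosts too,
    absolute inputs are refused, both sides are fully resolved (symlinks
    followed) and compared with commonpath rather than startswith, so
    '/root/foo' is not mistaken for a prefix of '/root/foobar'.
    """
    root = Path(storage_root).resolve()
    normalised = user_path.replace("\\", "/")
    if not normalised:
        raise PathTraversalError("empty path")
    if normalised.startswith("/") or os.path.isabs(normalised):
        raise PathTraversalError(f"absolute path not allowed: {user_path!r}")
    candidate = (root / normalised).resolve()
    if os.path.commonpath([str(root), str(candidate)]) != str(root):
        raise PathTraversalError(f"path escapes storage root: {user_path!r}")
    return candidate


def traversal_demo(user_path: str) -> dict:
    """Run one user-supplied path through both strategies inside a constructed
    temporary storage tree and report what each would have opened."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "artifacts")  # constructed storage root
        os.makedirs(root)
        unsafe = os.path.normpath(unsafe_join(root, user_path))
        result = {"unsafe": unsafe,
                  "unsafe_escapes_root": os.path.commonpath([root, unsafe]) != root}
        try:
            result["safe"] = str(safe_join(root, user_path))
        except PathTraversalError as exc:
            result["safe"] = f"rejected: {exc}"
    return result
```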
What is the Impact of CVE-2023-6909?
Successful exploitation may allow attackers to read, write, or delete arbitrary files on the server, potentially leading to information disclosure, data corruption, or execution of malicious files.
What is the Exploitability of CVE-2023-6909?
Exploitation of this Path Traversal vulnerability requires an attacker to inject path traversal sequences (e.g., ../, ..\) into an input field or parameter that is later used in file system operations within the mlflow application. The complexity is generally low for an attacker if such an input point exists. Authentication requirements depend on whether the vulnerable file operation is accessible before or after authentication. Privilege requirements would be those of the application process itself. It can be a remote vulnerability if the input is processed from a network request. The primary risk factor is the application's failure to sanitize or validate user-supplied file path information, making it susceptible to traversal attacks.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2023-6909?
Available Upgrade Options
- mlflow
- <1da75dfcecd4d169e34809ade55748384e8af6c1 → Upgrade to 1da75dfcecd4d169e34809ade55748384e8af6c1
- mlflow
- <2.9.2 → Upgrade to 2.9.2
Additional Resources
- https://osv.dev/vulnerability/PYSEC-2023-252
- https://nvd.nist.gov/vuln/detail/CVE-2023-6909
- https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
- https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-252.yaml
- https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850
- https://github.com/mlflow/mlflow
What are Similar Vulnerabilities to CVE-2023-6909?
Similar Vulnerabilities: CVE-2023-45136, CVE-2023-45814, CVE-2023-39580, CVE-2023-39933, CVE-2023-39934
