PRIOn Logo

CVE-2024-3848 Path traversal

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.

CWE: CWE-29
CVSS v2-
CVSS v3-
References
https://huntr.com/bounties/8d5aadaa-522f-4839-b41b-d7da362dd610
https://github.com/mlflow/mlflow/commit/f8d51e21523238280ebcfdb378612afd7844eca8
Affected Vendors

Basic Analysis

Common vulnerability metrics

Vulnerabilty type as detected by PRIOnengine

Path traversal

CVSS Scores as calculated by PRIOnengine
CVSS v25
AV:N/AC:L/AU:N/C:P/I:N/A:N
CVSS v37.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
MITRE CWE Top 25

-

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

T1591 - Gather Victim Org Information
T1590 - Gather Victim Network Information
T1589.001 - Gather Victim Identity Information (Credentials)
T1552 - Unsecured Credentials
T1190 - Exploit Public-Facing Application
T1133 - External Remote Services
T1087 - Account Discovery
T1083 - File and Directory Discovery
T1082 - System Information Discovery
T1005 - Data from Local System
T1003 - OS Credential Dumping

Compliance Impact

How the submited vulnerability affects compliance

PCI DSS v3.2.1-6.5.8 - Improper Access Control
PCI DSS v3.2.1-6.5.5 - Improper Error Handling

Web Application Security Frameworks

Applicable if the issue likely affects a web application

-