A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
The vulnerability classified as CWE-29 (Path Traversal: '\..\filename') allows an attacker to escape the permitted directory by using crafted paths in a network request. By exploiting this flaw, a malicious user can cause arbitrary system commands to be executed on the server hosting MLflow. The attack vector is network-based, with no authentication requirements or attack complexity.
An attacker can obtain remote code execution (RCE) on the vulnerable server, and consequently gain unauthorized access to data, machine learning models, and other system resources.
MLflow should be updated to a version containing commit b9ab9ed77e1deda9697fe472fb1079fd428149ee or later. Detailed information is available in the vendor references and on the huntr.com platform.
MLflow product delivered by Lfprojects — versions indicated in vendor references (fix commit: b9ab9ed77e1deda9697fe472fb1079fd428149ee).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLfprojects Mlflow
APPLfprojects< 2.9.2
Related vulnerabilities
MLflow: nieautoryzowany dostęp do endpointów multipart upload (RCE)
MLflow: nieprawidłowa walidacja origin umożliwia RCE przez cross-origin request
Brak uwierzytelnienia w endpointach FastAPI jobs w MLflow (Auth Bypass / RCE)
Command injection w MLflow podczas inicjalizacji kontenera modelu
Path traversal w MLflow — nadpisanie plików i eskalacja uprawnień