HTTP: MLflow artifact_location Directory Traversal
This signature detects attempts to exploit a known vulnerability against MLflow. A successful attack can lead to directory traversal and arbitrary code execution.
Extended Description
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.
Affected Products
Lfprojects mlflow
References
CVE: CVE-2023-6909
Short Name
HTTP:DIR:MLFLOW-ARTIFACT-LOCAON
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2023-6909 CVE-2024-2928 Directory MLflow Traversal artifact_location
Release Date
05/03/2025
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3805
False Positive
Unknown
Vendors
Lfprojects