High severityNVD Advisory· Published Apr 16, 2024· Updated Aug 1, 2024

Local File Read via Path Traversal in mlflow/mlflow

CVE-2024-1594

Description

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component # in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal vulnerability in mlflow allows reading arbitrary files via the `artifact_location` parameter using a fragment URI component.

Vulnerability

Overview A path traversal vulnerability exists in the mlflow/mlflow repository, specifically in the handling of the artifact_location parameter when creating an experiment. By including a fragment component # in the artifact location URI, an attacker can read arbitrary files on the server within the context of the server's process. This issue is similar to CVE-2023-6909 but uses a different URI component to achieve the same effect [1].

Exploitation

To exploit this vulnerability, an attacker must have the ability to create or modify experiments in an MLflow instance. By crafting a malicious artifact_location URI containing a # fragment, the attacker can bypass path validation and read files outside the intended artifact directory. No authentication is strictly required if the MLflow tracking server is exposed without access controls. The attack can be performed via the MLflow API or UI when creating an experiment [4].

Impact

Successful exploitation allows an attacker to read arbitrary files on the server, potentially exposing sensitive information such as configuration files, credentials, or machine learning models. This could lead to further compromise of the MLflow instance and associated infrastructure.

Mitigation

The vulnerability has been addressed in recent versions of MLflow. Users are strongly advised to upgrade to the latest patched version and restrict access to the MLflow tracking server. Additionally, input validation on the artifact_location parameter should be enforced to prevent traversal attacks [3][4].

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
mlflowPyPI	<= 2.9.2	—

Affected products

osv-coords2 versions
pkg:bitnami/mlflow pkg:pypi/mlflow
< 2.11.3+ 1 more
- (no CPE)range: < 2.11.3
- (no CPE)range: <= 2.9.2
mlflow/mlflow/mlflowv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-m49c-5c52-6696ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-1594ghsaADVISORY
github.com/mlflow/mlflow/blob/b929a3e727dc48a1eb19b7e954b7897ac09ad3ec/mlflow/utils/uri.pyghsaWEB
huntr.com/bounties/424b6f6b-e778-4a2b-b860-39730d396f3eghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000