AVID-2026-R1456

Description

Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow (CVE-2024-2928)

Details

A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application’s failure to properly validate URI fragments for directory traversal sequences such as ‘../’. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like ‘/etc/passwd’. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI’s query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.

Reason for inclusion in AVID: The CVE describes a Local File Inclusion vulnerability in mlflow/mlflow, a widely used ML lifecycle tool. Mlflow is a common dependency in AI/ML pipelines for training, packaging, serving, and experiment tracking. Exploitation could lead to unauthorized access to local files, impacting confidentiality. This is a software vulnerability in a component used to build/run general-purpose AI systems, thus it is AI-related and part of the AI software supply chain. Evidence is provided via CVE details, affected versions, and CVSS metrics.
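As an added example (not code from mlflow or from this advisory), the difference between the incomplete and the complete check in Python: `query_only_check` mirrors a fix that inspects only the query string, `full_uri_check` inspects path, query and fragment, and `safe_join` is the filesystem-side guard a deployer would pair with it. The function names, the sample URIs and the artifact root are constructed assumptions.

```python
import os
import re
from typing import Optional
from urllib.parse import unquote, urlsplit

# Separators between which a bare ".." segment counts as traversal: path
# separators (both kinds, cf. CWE-29) and query delimiters.
_SEP = re.compile(r"[/\\=&;]")


def _has_traversal(component: str) -> bool:
    """True if the component carries a '..' segment after percent-decoding.

    Decoded twice so a double-encoded '%252e%252e' is not missed.
    """
    decoded = unquote(unquote(component))
    return any(seg == ".." for seg in _SEP.split(decoded))


def query_only_check(uri: str) -> bool:
    """Approximates the earlier, incomplete fix: only the query string is inspected."""
    parts = urlsplit(uri)
    return not _has_traversal(parts.query)


def full_uri_check(uri: str) -> bool:
    """Hardened check: every URI component that could feed a path is inspected."""
    parts = urlsplit(uri)
    return not any(_has_traversal(c) for c in (parts.path, parts.query, parts.fragment))


def safe_join(root: str, relative: str) -> Optional[str]:
    """Second line of defence: resolve the final path and refuse anything outside root."""
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, relative))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample: traversal placed in the fragment, as the advisory describes.
    sample = "http://tracking.example/api/artifacts?run=abc#../../config.yaml"
    print("query-only check passes:", query_only_check(sample))   # True  (bypass)
    print("full check passes:     ", full_uri_check(sample))      # False (blocked)
```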

References

Affected or Relevant Artifacts

  • Developer: mlflow
  • Deployer: mlflow
  • Artifact Details:
      Type    Name
      System  mlflow/mlflow

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version: 3.0
Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5
Base Severity: 🔴 High
Attack Vector: NETWORK
Attack Complexity: 🟢 Low
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: 🔴 High
Integrity Impact: NONE
Availability Impact: NONE

CWE

ID      Description
CWE-29  Path Traversal: ‘..\filename’

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-06-06
  • Version: 0.3.3
  • AVID Entry