CVE-2023-3765

10.0 CRITICAL

📋 TL;DR

This vulnerability allows attackers to perform absolute path traversal attacks in MLflow deployments prior to version 2.5.0. Attackers can potentially access arbitrary files on the server filesystem by manipulating file paths. This affects all MLflow users running vulnerable versions, particularly those with internet-facing deployments.

💻 Affected Systems

Products:
  • MLflow
Versions: All versions prior to 2.5.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects MLflow deployments with file serving capabilities enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise via arbitrary file read/write, potentially leading to sensitive data exposure, credential theft, or remote code execution.

🟠 Likely Case

Unauthorized access to sensitive configuration files, source code, or credentials stored on the server filesystem.

🟢 If Mitigated

Limited impact with proper file permissions and network segmentation, but still potential for information disclosure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Path traversal vulnerabilities are commonly exploited and require minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.0 and later

Vendor Advisory: https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b

Restart Required: Yes

Instructions:

1. Back up your MLflow data and configuration.
2. Update MLflow using pip: pip install --upgrade "mlflow>=2.5.0" (quote the requirement so the shell does not treat '>' as output redirection).
3. Restart all MLflow services.
4. Verify the update with 'mlflow --version'.

🔧 Temporary Workarounds

  • Disable file serving (all): Disable MLflow's file serving functionality if not required. Configure MLflow to not serve static files or artifacts.
  • Network segmentation (all): Restrict network access to the MLflow deployment. Configure firewall rules to limit access to trusted IPs only.

🧯 If You Can't Patch

  • Implement strict file system permissions to limit what MLflow can access
  • Deploy MLflow behind a reverse proxy with path validation and sanitization

🔍 How to Verify

Check if Vulnerable:

Check the MLflow version with 'mlflow --version' or 'pip show mlflow'; a version below 2.5.0 is vulnerable.

Check Version:

mlflow --version

Verify Fix Applied:

Confirm version is 2.5.0 or higher with 'mlflow --version'

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path patterns in access logs
  • Requests containing '../' or absolute paths
  • Failed file access attempts outside expected directories

Network Indicators:

  • HTTP requests with path traversal sequences
  • Unusual file extensions or paths in URLs

SIEM Query:

source="mlflow.logs" AND (url="*../*" OR url="*/*:*" OR url="*/etc/*" OR url="*/passwd*")
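
The log indicators above can also be checked offline against exported access logs. The following is an added example, not MLflow code or part of the original advisory: it percent-decodes request targets repeatedly so that encoded forms of '../' and absolute paths are caught as well. The common log format, the endpoint and the parameter name in the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: access logs are in common/combined log format.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
DRIVE_RE = re.compile(r"^[A-Za-z]:/")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the indicator a parameter value matches, or None."""
    v = fully_decode(value).replace("\\", "/")
    if "../" in v or v == ".." or v.endswith("/.."):
        return "traversal-sequence"
    if v.startswith(("/", "file:")) or DRIVE_RE.match(v):
        return "absolute-path"
    return None

def scan_line(line):
    """Return a list of (location, indicator) findings for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group(1))
    findings = []
    if "../" in fully_decode(parts.path).replace("\\", "/"):
        findings.append(("url-path", "traversal-sequence"))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        hit = classify(value)
        if hit:
            findings.append((name, hit))
    return findings

# Constructed sample lines; the endpoint and parameter name are hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2023:10:00:01 +0000] "GET /hypothetical/artifact?path=model/MLmodel HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Aug/2023:10:00:02 +0000] "GET /hypothetical/artifact?path=%2Fetc%2Fhostname HTTP/1.1" 200 12',
    '203.0.113.7 - - [01/Aug/2023:10:00:03 +0000] "GET /hypothetical/artifact?path=%252e%252e%252fconf HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(scan_line(line), line)
```

A hit with a 200 status deserves closer review than one with a 404, since it suggests the requested file was actually returned.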
