CVE-2023-6015

7.5 HIGH

📋 TL;DR

CVE-2023-6015 is a path traversal vulnerability in MLflow that allows attackers to upload arbitrary files to any location on the server's filesystem. This affects MLflow deployments with the artifact store enabled, particularly those exposed to untrusted networks. Attackers can overwrite critical system files or deploy malicious code.

💻 Affected Systems

Products:
  • MLflow
Versions: All versions before 2.9.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects MLflow deployments with artifact store functionality enabled.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through arbitrary file write leading to remote code execution, data destruction, or credential theft.

🟠

Likely Case

Unauthorized file upload leading to data corruption, denial of service, or privilege escalation.

🟢

If Mitigated

Limited impact with proper network segmentation and file permission restrictions.

🌐 Internet-Facing: HIGH - Internet-facing MLflow instances are directly exploitable without authentication.
🏢 Internal Only: MEDIUM - Internal instances still vulnerable but require network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP PUT requests with crafted paths can exploit this vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.2 and later

Vendor Advisory: https://github.com/mlflow/mlflow/security/advisories/GHSA-8j5c-7xvw-5gq9

Restart Required: Yes

Instructions:

1. Upgrade MLflow to version 2.9.2 or later using pip (quote the requirement so the shell does not treat >= as a redirect): pip install --upgrade "mlflow>=2.9.2"
2. Restart all MLflow services
3. Verify the fix by checking the version

🔧 Temporary Workarounds

Network Access Restriction

linux

Restrict network access to MLflow server to trusted IPs only

iptables -A INPUT -p tcp --dport 5000 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p tcp --dport 5000 -j DROP

File System Permissions

linux

Run MLflow with minimal file system permissions

chown -R mlflow:mlflow /var/lib/mlflow
chmod 750 /var/lib/mlflow

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to MLflow instances
  • Deploy web application firewall (WAF) rules to block path traversal patterns in PUT requests

🔍 How to Verify

Check if Vulnerable:

Run mlflow --version. If the reported version is below 2.9.2, the system is vulnerable.

Check Version:

mlflow --version

Verify Fix Applied:

After upgrade, verify version is 2.9.2 or higher and test that path traversal attempts are rejected.

📡 Detection & Monitoring

Log Indicators:

  • HTTP PUT requests with ../ patterns in URL
  • File write operations outside expected artifact directories

Network Indicators:

  • Unusual PUT requests to MLflow endpoints
  • Traffic patterns indicating file upload attempts

SIEM Query:

source="mlflow.logs" AND (method="PUT" AND (url="*../*" OR url="*..\*"))
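
The literal `../` and `..\` match in the query above does not see percent-encoded or double-encoded segments. The following is an added example, not part of the original advisory or of MLflow: a Python check that decodes the request target before matching. It assumes access-log lines in common log format (for instance from a reverse proxy in front of MLflow); the `/artifact-endpoint/` path and all sample lines are constructed placeholders, not MLflow's actual routes.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by "/" or "\" (or by the start/end of the string).
# Names that merely contain dots, such as "model..v2.pkl", do not match.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f both normalise."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def is_traversal_put(line):
    """True if the log line is a PUT whose decoded target holds a '..' segment."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "PUT":
        return False
    return bool(TRAVERSAL_RE.search(fully_decode(m.group("target"))))

def flag(lines):
    """Return the indexes of the log lines that should raise an alert."""
    return [i for i, line in enumerate(lines) if is_traversal_put(line)]

# Constructed sample log lines (documentation IP range, placeholder endpoint).
PREFIX = '203.0.113.7 - - [01/Dec/2023:10:00:00 +0000] '
SAMPLE_LOG = [
    PREFIX + '"PUT /artifact-endpoint/run1/model.pkl HTTP/1.1" 200 0',
    PREFIX + '"PUT /artifact-endpoint/../../tmp/x HTTP/1.1" 200 0',
    PREFIX + '"PUT /artifact-endpoint/%2e%2e%2f%2e%2e%2ftmp/x HTTP/1.1" 200 0',
    PREFIX + '"PUT /artifact-endpoint/%252e%252e%255ctmp%255cx HTTP/1.1" 200 0',
    PREFIX + '"GET /artifact-endpoint/../x HTTP/1.1" 404 0',
    PREFIX + '"PUT /artifact-endpoint/run1/model..v2.pkl HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for i in flag(SAMPLE_LOG):
        print("ALERT:", SAMPLE_LOG[i])
```

Many proxies and HTTP clients normalise a plain `../` before the request is logged, so the encoded cases are the ones a literal-string rule is most likely to miss.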
