CVE-2023-6753

8.8 HIGH

📋 TL;DR

This path traversal vulnerability in MLflow allows attackers to read arbitrary files on the server by manipulating file paths in requests. It affects all MLflow deployments running versions prior to 2.9.2. The vulnerability is particularly dangerous in multi-tenant environments where users can access each other's files.

💻 Affected Systems

Products:
  • MLflow
Versions: All versions prior to 2.9.2
Operating Systems: All operating systems running MLflow
Default Config Vulnerable: ⚠️ Yes
Notes: All MLflow deployments using the affected components are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through reading sensitive files like SSH keys, configuration files with credentials, or database connection strings, potentially leading to lateral movement and data exfiltration.

🟠 Likely Case

Unauthorized access to sensitive ML model artifacts, experiment data, or configuration files belonging to other users in multi-tenant deployments.

🟢 If Mitigated

Limited impact with proper network segmentation, file system permissions, and minimal sensitive data exposure.

🌐 Internet-Facing: HIGH - Internet-facing MLflow instances are directly exploitable without authentication in default configurations.
🏢 Internal Only: MEDIUM - Internal deployments are still vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is simple to exploit with basic HTTP requests. A public proof-of-concept exists in the commit diff and bounty reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.2 and later

Vendor Advisory: https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4

Restart Required: Yes

Instructions:

1. Stop the MLflow service.
2. Upgrade MLflow using pip: pip install --upgrade "mlflow>=2.9.2" (quote the requirement so the shell does not treat > as an output redirect).
3. Restart the MLflow service.
4. Verify the version with 'mlflow --version'.

🔧 Temporary Workarounds

Network Access Control (all platforms)

Restrict network access to MLflow instances using firewalls or network policies.

File System Permissions (Linux)

Run MLflow with minimal file system permissions and isolate sensitive directories:

chmod 700 /sensitive/paths
chown mlflow:mlflow /mlflow/data

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate MLflow from sensitive systems
  • Deploy a web application firewall (WAF) with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check if MLflow version is below 2.9.2 using 'mlflow --version' or examine the installed package version

Check Version:

mlflow --version

Verify Fix Applied:

Confirm MLflow version is 2.9.2 or higher and test that path traversal attempts return proper error responses

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' sequences
  • Access to unexpected file paths in MLflow logs
  • Error responses for invalid file paths

Network Indicators:

  • HTTP requests with path traversal patterns to MLflow endpoints
  • Unusual file access patterns from single IPs

SIEM Query:

source="mlflow.log" AND ("../" OR "..\\" OR "%2e%2e%2f")
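
The log indicators above as a small scanner (an added example, not code from MLflow or from the advisory). It goes beyond the literal SIEM patterns by percent-decoding repeatedly and matching whole `..` segments, so double-encoded and backslash variants are caught while names such as `run..final` are not. The access-log layout, the `/placeholder/...` endpoints and all sample lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines (assumed access-log layout; endpoint paths are placeholders).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /placeholder/experiments?name=run..final HTTP/1.1" 200',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /placeholder/artifacts?path=../../secret.txt HTTP/1.1" 400',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /placeholder/artifacts?path=%2e%2e%2fsecret.txt HTTP/1.1" 400',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /placeholder/artifacts?path=%252e%252e%252fsecret.txt HTTP/1.1" 400',
    '10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /placeholder/artifacts?path=..%5c..%5csecret.txt HTTP/1.1" 400',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|PATCH|HEAD) (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # bounded, so a crafted value cannot make us loop for long


def normalise(target):
    """Percent-decode until stable (handles %252e double encoding), then unify slashes."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def has_traversal(target):
    """True when a path or query-value segment is exactly '..' after normalisation."""
    return any(seg == ".." for seg in re.split(r"[/?&=]", normalise(target)))


def suspicious_lines(lines):
    """Return (line_number, source_ip, raw_target) for each request that traverses."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group(1)):
            hits.append((number, line.split()[0], match.group(1)))
    return hits


def hits_per_source(lines):
    """Count flagged requests per client, for the 'single IP' network indicator."""
    return Counter(ip for _, ip, _ in suspicious_lines(lines))


if __name__ == "__main__":
    for hit in suspicious_lines(SAMPLE_LOG):
        print(hit)
    print(hits_per_source(SAMPLE_LOG))
```
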
