Cyber Resilience

CVE-2023-6831

High · Public PoC

Published: 15 December 2023

Modified: 21 November 2024
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.7398 (98.8th percentile)
Risk Priority: 61 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-6831 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Lfprojects Mlflow. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 1.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised as Other Platforms, in the Other ATLAS/OWASP Terms risk domain. MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016) and Exfiltration via AI Inference API (AML.T0024).

Deeper analysis

CVE-2023-6831 is a path traversal vulnerability, identified as CWE-29 and CWE-22, that affects the mlflow/mlflow GitHub repository in versions prior to 2.9.2. The flaw carries a CVSS 3.1 score of 8.1 and permits traversal sequences such as '\..\filename' that can be supplied over the network.

An authenticated attacker with low privileges can exploit the issue without user interaction to modify or delete files on the server, producing high integrity and availability impact while leaving confidentiality unaffected. The attack surface is network-reachable and requires only limited complexity to trigger.

References point to commits that resolve the traversal flaw and to the associated huntr.dev bounty report; these indicate that upgrading to MLflow 2.9.2 or later eliminates the exposure.

The EPSS score rose from lower values after disclosure to a peak of 0.8089 on 2025-12-11 before receding to the current 0.7398, demonstrating increased exploitation interest that warrants renewed attention for MLflow deployments.

EU & UK References

Vulnerability details

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

CWE(s)

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: MLflow is an open-source platform for managing the end-to-end machine learning lifecycle, including tracking experiments, packaging code, and deploying models, fitting under 'Other Platforms' as it is not a framework, library, or specialized AI tool.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

Path traversal vulnerability (CVE-2023-6831) in MLflow server enables remote arbitrary file read, mapping to exploitation of public-facing application (T1190), file and directory discovery (T1083), data collection from local system (T1005), and access to unsecured credentials in files (T1552.001).

MITRE ATLAS Techniques

AML.T0016: Obtain Capabilities
AML.T0024: Exfiltration via AI Inference API

Affected Assets

Vendor: lfprojects
Product: mlflow
Version: ≤ 2.9.2

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
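
As an added illustration of this control (not MLflow's code and not part of the original record), the sketch below contrasts a check that only understands `/` with one that also treats `\` as a separator, which is the case the `'\..\filename'` form in this CVE depends on. The function names and sample inputs are hypothetical and constructed for the example.

```python
import ntpath
import os

# Hypothetical helper names; this is not MLflow's fix, only an illustration.

def naive_is_safe(rel_path: str) -> bool:
    """Weak check: understands only '/' as a separator."""
    return not rel_path.startswith("/") and ".." not in rel_path.split("/")


def is_safe(rel_path: str) -> bool:
    """Reject absolute paths and '..' components under both separator styles."""
    if not rel_path or "\x00" in rel_path:
        return False
    # Drive letters and UNC shares (C:\x, \\host\share) are never relative.
    if ntpath.splitdrive(rel_path)[0]:
        return False
    # Treat '\' exactly like '/' so '\..\filename' is split into components.
    norm = rel_path.replace("\\", "/")
    if norm.startswith("/"):
        return False
    return ".." not in norm.split("/")


def resolve_under(base: str, rel_path: str) -> str:
    """Return the real path of rel_path inside base, or raise ValueError."""
    if not is_safe(rel_path):
        raise ValueError(f"unsafe path: {rel_path!r}")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, rel_path.replace("\\", "/")))
    # Second line of defence: symlinks must not lead outside the base either.
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"path escapes base directory: {rel_path!r}")
    return target


if __name__ == "__main__":
    # Constructed sample inputs, including the sequence named in the advisory.
    for sample in ["models/a.pkl", "\\..\\filename", "models\\..\\..\\filename", "../x"]:
        print(f"{sample!r:30} naive={naive_is_safe(sample)} strict={is_safe(sample)}")
```

The lexical check alone does not cover symlinks inside the base directory, which is why `resolve_under` also compares resolved paths.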

References