CVE-2023-6831
Published: 15 December 2023
Summary
CVE-2023-6831 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Lfprojects Mlflow. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 1.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), Exfiltration via AI Inference API (AML.T0024).
Deeper analysis
CVE-2023-6831 is a path traversal vulnerability, identified as CWE-29 and CWE-22, that affects the mlflow/mlflow GitHub repository in versions prior to 2.9.2. The flaw carries a CVSS 3.1 score of 8.1 and permits traversal sequences such as '\..\filename' that can be supplied over the network.
An authenticated attacker with low privileges can exploit the issue without user interaction to modify or delete files on the server, producing high integrity and availability impact while leaving confidentiality unaffected. The attack surface is network-reachable and requires only limited complexity to trigger.
References point to commits that resolve the traversal flaw and to the associated huntr.dev bounty report; these indicate that upgrading to MLflow 2.9.2 or later eliminates the exposure.
The EPSS score rose from lower values after disclosure to a peak of 0.8089 on 2025-12-11 before receding to the current 0.7398, demonstrating increased exploitation interest that warrants renewed attention for MLflow deployments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-0154
Vulnerability details
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- MLflow is an open-source platform for managing the end-to-end machine learning lifecycle, including tracking experiments, packaging code, and deploying models, fitting under 'Other Platforms' as it is not a framework, library, or specialized AI tool.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal vulnerability (CVE-2023-6831) in MLflow server enables remote arbitrary file read, mapping to exploitation of public-facing application (T1190), file and directory discovery (T1083), data collection from local system (T1005), and access to unsecured credentials in files (T1552.001).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.