CVE-2023-6909
Published: 18 December 2023
Summary
CVE-2023-6909 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Lfprojects Mlflow. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 0.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: Adversarial AI Attack Implementations (AML.T0016.000), Invert AI Model (AML.T0024.001).
Deeper analysis
CVE-2023-6909 is a path traversal vulnerability, tracked as CWE-29, that affects the MLflow machine learning platform in the GitHub repository mlflow/mlflow prior to version 2.9.2. The flaw permits traversal sequences of the form '\..\filename' and carries a CVSS 3.1 base score of 7.5, reflecting network attack vector, low attack complexity, and no required privileges or user interaction, with high impact on confidentiality.
An unauthenticated attacker with network access can supply crafted path sequences to read arbitrary files on the server hosting the MLflow instance, exposing sensitive data without affecting integrity or availability.
The referenced GitHub commit 1da75dfcecd4d169e34809ade55748384e8af6c1 and the associated huntr.dev bounty report indicate that the issue is resolved by upgrading to MLflow 2.9.2 or later.
The vulnerability's EPSS score has reached a current value of 0.8571 with a recorded peak of 0.8741, indicating sustained exploitation interest after public disclosure; because MLflow is widely used in machine-learning workflows, the flaw is particularly relevant to AI/ML environments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-0153
Vulnerability details
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- MLflow is an open-source platform for managing the end-to-end machine learning lifecycle, including experimentation, reproducibility, and deployment, fitting under 'Other Platforms' as it is not a specific framework, library, or other listed subcategory.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal vulnerability (CVE-2023-6909) in MLflow enables arbitrary local file reads, facilitating collection of data from the local system, file and directory discovery, and access to unsecured credentials stored in files.
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.