Cyber Resilience

CVE-2024-1483

High · Public PoC

Published: 16 April 2024

Modified: 03 February 2025
KEV Added: not listed
Patch: none listed
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.7394 (98.8th percentile)
Risk Priority: 59 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-1483 is a high-severity Path Traversal (CWE-22) vulnerability in Lfprojects Mlflow. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 1.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as Other Platforms, falls in the Privacy and Disclosure risk domain, and has the MITRE ATLAS techniques Obtain Capabilities (AML.T0016) and Exfiltration via AI Inference API (AML.T0024) in scope.

Deeper analysis

A path traversal vulnerability affects MLflow version 2.9.2, enabling attackers to read arbitrary files on the server. The flaw stems from insufficient validation of user-supplied input in the server's handlers for artifact-related operations, specifically when processing the artifact_location and source parameters in HTTP requests.

An unauthenticated remote attacker can exploit the issue by sending crafted POST requests that use a local URI containing a # character in place of a query delimiter. Successful exploitation grants read access to sensitive files outside the intended directory, corresponding to the observed CVSS vector that requires no authentication or user interaction.

MLflow is an open-source platform commonly used in machine-learning workflows, which increases the potential impact of file disclosure in data-science environments. The EPSS score rose from lower values after disclosure to a peak of 0.7861 in December 2025 before settling at the current 0.7394, indicating growing exploitation interest following public release.

Vulnerability details

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers.

CWE(s)

CWE-22 (Path Traversal)

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: MLflow is an open-source MLOps platform for managing the end-to-end machine learning lifecycle, including experiment tracking, model registry, and artifact storage, which fits under 'Other Platforms' as it is not a framework, library, or specific AI subdomain tool.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Path traversal enables exploitation of a public-facing application (T1190) for arbitrary file reads, which in turn facilitates collection of data from the local system (T1005), file and directory discovery (T1083), and access to credentials stored insecurely in files (T1552.001).

MITRE ATLAS Techniques

AML.T0016: Obtain Capabilities
AML.T0024: Exfiltration via AI Inference API

Affected Assets

Vendor: lfprojects
Product: mlflow
Versions: ≤ 2.12.1

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-22: validates pathnames and filenames to prevent traversal outside intended directories.
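As a defensive illustration of this control and of the '#'-delimiter problem described under Deeper analysis, the following validator is added here; it is not MLflow's own code and does not reproduce its handlers. The weak check, shown for contrast, validates only the URL path component, which is one way text after a '#' escapes scrutiny while still reaching the filesystem; the hardened version refuses queries and fragments and confines the resolved filesystem path to the artifact root. ARTIFACT_ROOT, url_path_only_check and resolve_inside_root are constructed names for the example.

```python
import os
from typing import Optional
from urllib.parse import unquote, urlsplit

# Constructed artifact root for the demonstration (not an MLflow default).
ARTIFACT_ROOT = "/srv/mlflow/artifacts"


def url_path_only_check(root: str, uri: str) -> bool:
    """Illustrative weak check: it validates only the URL path component.
    Text after '#' (fragment) or '?' (query) is never examined, although a
    handler that later uses the raw string as a filesystem path treats those
    characters as ordinary path text."""
    path = unquote(urlsplit(uri).path)
    candidate = os.path.normpath(os.path.join(root, path))
    return os.path.commonpath([root, candidate]) == root


def resolve_inside_root(root: str, uri: str) -> Optional[str]:
    """Hardened check: accept only local URIs, refuse any query or fragment,
    percent-decode exactly once, then confine the *resolved* filesystem path
    to the artifact root. Returns the absolute path, or None to reject."""
    parts = urlsplit(uri)
    if parts.scheme not in ("", "file") or parts.netloc:
        return None  # remote artifact stores need their own validation
    if parts.query or parts.fragment:
        return None  # '?' and '#' have no meaning for a local file path
    root = os.path.realpath(root)
    raw = unquote(parts.path)  # decode once; a double-encoded '..' stays literal
    candidate = raw if os.path.isabs(raw) else os.path.join(root, raw)
    candidate = os.path.realpath(candidate)  # collapses '..' and follows symlinks
    # commonpath avoids the '/srv/mlflow/artifacts-other' prefix trap that a
    # plain startswith() comparison would fall into.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for uri in ("run1/model.pkl", "../../etc/passwd", "run1#../../etc/passwd"):
        print(f"{uri!r}: weak={url_path_only_check(ARTIFACT_ROOT, uri)} "
              f"hardened={resolve_inside_root(ARTIFACT_ROOT, uri)}")
```

The hardened check rejects the fragment case that the path-only check accepts, and it also catches percent-encoded and absolute file:// forms because the decision is made on the path the filesystem would actually open.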
