CVE-2024-1483
Published: 16 April 2024
Summary
CVE-2024-1483 is a high-severity Path Traversal (CWE-22) vulnerability in Lfprojects Mlflow. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 1.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related: it is categorised as Other Platforms, falls in the Privacy and Disclosure risk domain, and the MITRE ATLAS techniques in scope are Obtain Capabilities (AML.T0016) and Exfiltration via AI Inference API (AML.T0024).
Deeper analysis
A path traversal vulnerability affects MLflow version 2.9.2, enabling attackers to read arbitrary files on the server. The flaw stems from insufficient validation of user-supplied input in the server's handlers for artifact-related operations, specifically when processing the artifact_location and source parameters in HTTP requests.
An unauthenticated remote attacker can exploit the issue by sending crafted POST requests that use a local URI containing a # character in place of a query delimiter. Successful exploitation grants read access to sensitive files outside the intended directory, corresponding to the observed CVSS vector that requires no authentication or user interaction.
MLflow is an open-source platform commonly used in machine-learning workflows, which increases the potential impact of file disclosure in data-science environments. The EPSS score rose from lower values after disclosure to a peak of 0.7861 in December 2025 before settling at the current 0.7394, indicating growing exploitation interest following public release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-1193
Vulnerability details
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers.
- CWE(s): CWE-22 (Path Traversal)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: MLflow is an open-source MLOps platform for managing the end-to-end machine learning lifecycle, including experiment tracking, model registry, and artifact storage, which fits under 'Other Platforms' as it is not a framework, library, or specific AI subdomain tool.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal enables exploitation of public-facing application (T1190) for arbitrary file reads, facilitating data collection from local system (T1005), file and directory discovery (T1083), and accessing unsecured credentials in files (T1552.001).
MITRE ATLAS Techniques
- Obtain Capabilities (AML.T0016)
- Exfiltration via AI Inference API (AML.T0024)
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
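An illustrative containment check for local artifact references, added here as an example and not taken from MLflow's code: it contrasts a check that trusts only the URL parser's path component (which stops at '#' or '?', so the remainder described in the vulnerability details above is never inspected) with one that normalises the whole local string and verifies it stays under the artifact root. The artifact root, helper names and sample URIs are constructed; rejecting percent-encoded dot segments goes slightly beyond what the advisory describes.

```python
import os
from urllib.parse import unquote, urlsplit


def parser_visible_path(uri: str) -> str:
    """Weak pattern: validate only what the URL parser reports as the path.

    urlsplit() ends the path at the first '?' or '#', so a check built on
    .path never sees the bytes after them, while a local filesystem layer
    later handed the raw string treats them as ordinary path characters.
    """
    return urlsplit(uri).path


def resolve_local_artifact(uri: str, root: str) -> str:
    """Hardened pattern: normalise the whole local string, then require that
    the result stays under root. Raises ValueError for anything that escapes
    or is not a plain local reference."""
    parts = urlsplit(uri)
    if parts.scheme not in ("", "file"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    if parts.netloc:
        raise ValueError("host component not allowed for local artifacts")
    # For a local file reference '?' and '#' have no meaning, so keep them:
    # take everything after the scheme, not just the parsed .path.
    raw = unquote(uri.split("://", 1)[1] if "://" in uri else uri)
    if "\x00" in raw:
        raise ValueError("NUL byte in path")
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, raw.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"escapes artifact root: {candidate}")
    return candidate


def is_contained(uri: str, root: str) -> bool:
    """Accept/reject decision for a candidate artifact reference."""
    try:
        resolve_local_artifact(uri, root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    ROOT = "/srv/mlflow/artifacts"  # constructed root for the demo
    # Constructed inputs in the shape the advisory describes.
    for uri in ("file:///runs/1/model.pkl",
                "file:///a#/../../../../etc/passwd",
                "runs/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{uri!r:48} parser sees {parser_visible_path(uri)!r:10} "
              f"accepted={is_contained(uri, ROOT)}")
```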