Cyber Resilience

CVE-2024-1560

HighPublic PoC

Published: 16 April 2024

Published
16 April 2024
Modified
03 February 2025
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0011 28.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-1560 is a high-severity Path Traversal (CWE-22) vulnerability in Lfprojects Mlflow. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); ranked at the 28.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: External Harms (AML.T0048).

EU & UK References

Vulnerability details

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories…

more

on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
MLflow is an open-source platform for managing the ML lifecycle, including experiment tracking, model packaging, and artifact storage, fitting under 'Other Platforms' as an MLOps tool rather than a framework, library, or specific AI subdomain.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

Path traversal vulnerability enables arbitrary directory deletion on the server filesystem, directly facilitating file deletion for indicator removal (T1070.004) and data destruction for impact (T1485).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0048: External Harms

Affected Assets

lfprojects
mlflow
≤ 2.9.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References