CVE-2024-2928
Published: 06 June 2024
Summary
CVE-2024-2928 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Lfprojects Mlflow. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique OS Credential Dumping: /etc/passwd and /etc/shadow (T1003.008). The CVE ranks in the top 0.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), Exfiltration via AI Inference API (AML.T0024).
Deeper analysis
A Local File Inclusion vulnerability affects the mlflow/mlflow project in version 2.9.2. The flaw stems from insufficient validation of URI fragments against directory traversal sequences such as '../', allowing an attacker to read arbitrary local files including sensitive system files like /etc/passwd. It represents a bypass of an earlier patch that had addressed similar manipulation only within the query string portion of URIs. The issue is tracked under CWE-22 and CWE-29 and carries a CVSS 3.1 score of 7.5.
An unauthenticated remote attacker can supply a crafted URI fragment to the affected MLflow instance and retrieve arbitrary files from the underlying filesystem. Successful exploitation yields disclosure of confidential data without requiring user interaction or elevated privileges.
The referenced GitHub commits and huntr.dev bounty reports document the remediation, which was released in version 2.11.3 and applies comprehensive URI validation covering fragments in addition to query strings. The EPSS score has remained consistently high near 0.91 since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-2083
Vulnerability details
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.
- CWE(s): CWE-22, CWE-29
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Privacy and Disclosure
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: MLflow is an open-source platform for managing the machine learning lifecycle, including experiment tracking, model packaging, and deployment, fitting the 'Other Platforms' category for AI/ML platforms.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The LFI vulnerability (CVE-2024-2928) in MLflow enables exploitation of public-facing applications (T1190), facilitates file and directory discovery via path traversal (T1083), and allows reading sensitive files such as /etc/passwd for OS credential dumping (T1003.008).
MITRE ATLAS Techniques
- Obtain Capabilities (AML.T0016)
- Exfiltration via AI Inference API (AML.T0024)
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Validates pathnames and filenames to prevent traversal outside intended directories.
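The following is an added illustration, not MLflow's code and not the patch referenced in this record, of the two points the record makes: a traversal check confined to the query string misses the URI fragment, and a pathname must be confined to the intended base directory regardless of how the traversal is spelled ('../' per CWE-22 or '\..\filename' per CWE-29). The `get-artifact` endpoint name, the host `mlflow.example` and the directory paths are constructed for the example.

```python
"""Added illustration (not MLflow's own code): URI traversal checks must
cover every component of the URI, and the resolved path must be confined
to the intended base directory. Endpoint names, hosts and paths below are
constructed for the example."""
import posixpath
from typing import List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit


def has_traversal(value: str) -> bool:
    """True if any segment of value is '..' once percent-decoding (applied
    twice, to catch double encoding) and backslash separators are undone.
    Covers both the '../' form (CWE-22) and the '\\..\\filename' form (CWE-29)."""
    decoded = unquote(unquote(value))
    return any(seg == ".." for seg in decoded.replace("\\", "/").split("/"))


def weak_validate(uri: str) -> bool:
    """Query-string-only check: a constructed stand-in for validation that,
    as the advisory describes of the earlier patch, inspects only the query
    string. Returns True when the URI is accepted."""
    parts = urlsplit(uri)
    return not any(
        has_traversal(val) for _key, val in parse_qsl(parts.query, keep_blank_values=True)
    )


def strict_validate(uri: str) -> bool:
    """Checks the path, the raw query, each decoded query value, and the fragment."""
    parts = urlsplit(uri)
    candidates: List[str] = [parts.path, parts.query, parts.fragment]
    candidates += [val for _key, val in parse_qsl(parts.query, keep_blank_values=True)]
    return not any(has_traversal(c) for c in candidates)


def resolve_under(base_dir: str, relative: str) -> Optional[str]:
    """Containment check: normalise base_dir/relative and refuse any result
    that leaves base_dir. String-only, so symlinks inside base_dir are not
    considered; a filesystem-level resolve() would be needed for that."""
    base = posixpath.normpath(base_dir)
    cleaned = relative.replace("\\", "/").lstrip("/")
    target = posixpath.normpath(posixpath.join(base, cleaned))
    if target != base and not target.startswith(base + "/"):
        return None
    return target


# Constructed request URIs exercising both validators.
SAMPLE_URIS = {
    "benign": "http://mlflow.example/get-artifact?path=model/MLmodel",
    "query_traversal": "http://mlflow.example/get-artifact?path=..%2F..%2Fetc%2Fpasswd",
    "fragment_traversal": "http://mlflow.example/get-artifact?path=x#../../../etc/passwd",
    "backslash_traversal": "http://mlflow.example/get-artifact?path=..%5C..%5Cwindows%5Cwin.ini",
}


def compare_validators() -> dict:
    """Returns {name: (accepted_by_weak, accepted_by_strict)} for each sample URI."""
    return {name: (weak_validate(u), strict_validate(u)) for name, u in SAMPLE_URIS.items()}


if __name__ == "__main__":
    for name, (weak, strict) in compare_validators().items():
        print(f"{name:20s} query-only={weak!s:5s} all-components={strict}")
```

The fragment case is the one that separates the two validators: `weak_validate` accepts it because the query value is harmless, while `strict_validate` rejects it. `resolve_under` is the control this record lists under Likely Mitigating Controls; it is independent of how the request was parsed, so it catches anything the URI-level checks miss.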