Cyber Resilience

CVE-2024-2928

Severity: High · Public PoC

Published: 06 June 2024
Modified: 21 November 2024
KEV Added: not listed
Patch:
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.9116 (99.7th percentile)
Risk Priority: 70 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-2928 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Lfprojects Mlflow. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique OS Credential Dumping: /etc/passwd and /etc/shadow (T1003.008). The CVE is ranked in the top 0.3% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised as Other Platforms, falls in the Privacy and Disclosure risk domain, and has the MITRE ATLAS techniques Obtain Capabilities (AML.T0016) and Exfiltration via AI Inference API (AML.T0024) in scope.

Deeper analysis

A Local File Inclusion vulnerability affects the mlflow/mlflow project in version 2.9.2. The flaw stems from insufficient validation of URI fragments against directory traversal sequences such as '../', allowing an attacker to read arbitrary local files including sensitive system files like /etc/passwd. It represents a bypass of an earlier patch that had addressed similar manipulation only within the query string portion of URIs. The issue is tracked under CWE-22 and CWE-29 and carries a CVSS 3.1 score of 7.5.

An unauthenticated remote attacker can supply a crafted URI fragment to the affected MLflow instance and retrieve arbitrary files from the underlying filesystem. Successful exploitation yields disclosure of confidential data without requiring user interaction or elevated privileges.

The referenced GitHub commits and huntr.dev bounty reports document the remediation, which was released in version 2.11.3 and applies comprehensive URI validation covering fragments in addition to query strings. The EPSS score has remained consistently high near 0.91 since disclosure.

Vulnerability details

A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.

CWE(s)

CWE-22, CWE-29
AI Security Analysis

AI Category: Other Platforms
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: MLflow is an open-source platform for managing the machine learning lifecycle, including experiment tracking, model packaging, and deployment, fitting the 'Other Platforms' category for AI/ML platforms.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1003.008 /etc/passwd and /etc/shadow (Credential Access)
Adversaries may attempt to dump the contents of /etc/passwd and /etc/shadow to enable offline password cracking.
T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The LFI vulnerability (CVE-2024-2928) in MLflow enables exploitation of public-facing applications (T1190), facilitates file and directory discovery via path traversal (T1083), and allows reading sensitive files such as /etc/passwd for OS credential dumping (T1003.008).

MITRE ATLAS Techniques

AML.T0016: Obtain Capabilities
AML.T0024: Exfiltration via AI Inference API

Affected Assets

Vendor: lfprojects
Product: mlflow
Versions: ≤ 2.11.3

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
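The control above is the one the fix for this CVE applied: validate every part of a URI, not only the query string, before it is mapped onto the filesystem. The following is an added illustration of that check, not MLflow's own code; the artifact root, function names and sample URIs are constructed for the example. It resolves each user-controlled component (path, each query value, and the fragment) against a base directory and rejects anything that lands outside it, including encoded and backslash traversal.

```python
"""Added example (not MLflow's code): confine every URI component to a base
directory so that neither the query string nor the fragment can name a file
outside it. All names and inputs are constructed for illustration.
"""
from __future__ import annotations

import os
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed artifact root for the example; any absolute directory works.
ARTIFACT_ROOT = "/srv/mlflow-artifacts"


def resolve_inside(base_dir: str, candidate: str) -> str | None:
    """Return the absolute path of `candidate` inside `base_dir`, or None when
    it would resolve outside. realpath follows symlinks, so a link inside the
    base that points outside is also rejected."""
    base = os.path.realpath(base_dir)
    # Decode once so percent-encoded traversal (%2e%2e) is not missed, treat
    # backslashes as separators (CWE-29 style '\..\name'), and strip leading
    # separators so an absolute path cannot override the join.
    cleaned = unquote(candidate).replace("\\", "/").lstrip("/")
    target = os.path.realpath(os.path.join(base, cleaned))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def uri_components(uri: str) -> list[str]:
    """Collect every user-controlled component that might be used as a file
    reference: the path, each query value, and the fragment."""
    parts = urlsplit(uri)
    components = [parts.path]
    for values in parse_qs(parts.query, keep_blank_values=True).values():
        components.extend(values)
    if parts.fragment:
        components.append(parts.fragment)
    return components


def validate_uri(base_dir: str, uri: str) -> bool:
    """True only if every component of the URI stays inside base_dir."""
    return all(resolve_inside(base_dir, c) is not None for c in uri_components(uri))


if __name__ == "__main__":
    # Constructed sample requests: a benign one, then traversal attempts in
    # the query string and in the fragment (the part the earlier patch missed).
    samples = [
        "/artifacts/run1/model.pkl",
        "/artifacts?path=../../etc/passwd",
        "/artifacts#../../etc/passwd",
    ]
    for uri in samples:
        print(f"{uri!r:45} allowed={validate_uri(ARTIFACT_ROOT, uri)}")
```

The check is deliberately applied to the resolved path rather than by searching for the literal string '../': normalising first and then comparing against the base catches encodings and separator variants that a substring filter misses, which is the class of bypass described in the vulnerability details.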

References