CVE-2024-8859

{"id": "CVE-2024-8859", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:44.463", "references": [{"url": "https://github.com/mlflow/mlflow/commit/7791b8cdd595f21b5f179c7b17e4b5eb5cbbe654", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/2259b88b-a0c6-4c7c-b434-6aacf6056dcb", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-29"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while parts such as query and parameters are not handled. The vulnerability is triggered if the user has configured the dbfs service, and during usage, the service is mounted to a local directory."}, {"lang": "es", "value": "Existe una vulnerabilidad de path traversal en mlflow/mlflow versi\u00f3n 2.15.1. Cuando los usuarios configuran y utilizan el servicio dbfs, la concatenaci\u00f3n de la URL directamente en el protocolo de archivo genera una vulnerabilidad de lectura de archivos arbitrarios. Este problema se produce porque solo se verifica la parte de la ruta de la URL, mientras que partes como la consulta y los par\u00e1metros no se gestionan. La vulnerabilidad se activa si el usuario ha configurado el servicio dbfs y, durante su uso, este se monta en un directorio local."}], "lastModified": "2025-08-05T16:15:20.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lfprojects:mlflow:2.15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5093AA83-B103-4E88-BA15-C95D1449D9DF"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}