Path Traversal: '\..\filename'

CVE-2024-8859

Severity High
Score 7.5/10

Summary

A Path Traversal vulnerability exists in mlflow versions prior to 2.17.0rc0. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while parts such as query and parameters are not handled. The vulnerability is triggered if the user has configured the dbfs service, and during usage, the service is mounted to a local directory.
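The mapping step this advisory describes, written as an added defensive example that is not mlflow's code or anything from this advisory: a dbfs URL is parsed, every non-path component (host, params, query, fragment) is refused outright rather than silently concatenated, the path is percent-decoded and backslash-normalized before the '..' check, and the result is confirmed to stay under the mount root. `MOUNT_ROOT` and the function names are assumptions for the example.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed mount point for this example; a real deployment uses wherever
# the dbfs service is mounted locally.
MOUNT_ROOT = "/srv/dbfs-mount"


class UnsafeDbfsUrl(ValueError):
    """Raised when a dbfs URL must not be mapped onto the local mount."""


def dbfs_url_to_local_path(url: str, mount_root: str = MOUNT_ROOT) -> str:
    """Map a dbfs:/... URL to a local path inside mount_root, or raise.

    The advisory's root cause was validating only the URL's path component
    while the raw URL (query and params included) was concatenated into a
    file path. Here any non-path component is grounds for rejection.
    """
    parts = urlsplit(url)
    if parts.scheme != "dbfs":
        raise UnsafeDbfsUrl(f"unexpected scheme {parts.scheme!r}")
    # urlsplit leaves ';params' inside .path, so check for ';' explicitly.
    if parts.netloc or parts.query or parts.fragment or ";" in parts.path:
        raise UnsafeDbfsUrl("host, params, query or fragment present in URL")
    # Decode before checking so an encoded '..' cannot slip past the test.
    path = unquote(parts.path)
    if "\0" in path:
        raise UnsafeDbfsUrl("NUL byte in path")
    # CWE-29: treat backslashes as separators so '\..\' is seen as traversal
    # rather than as an odd file name on a POSIX host.
    path = path.replace("\\", "/")
    # Collapse '.' and '..' lexically; anything that still climbs is rejected.
    rel = posixpath.normpath(path.lstrip("/"))
    if rel == ".." or rel.startswith("../"):
        raise UnsafeDbfsUrl("path escapes the mount root")
    candidate = posixpath.normpath(posixpath.join(mount_root, rel))
    # Defence in depth: the joined result must still sit under mount_root.
    if posixpath.commonpath([mount_root, candidate]) != posixpath.normpath(mount_root):
        raise UnsafeDbfsUrl("resolved path escapes the mount root")
    return candidate


def is_safe_dbfs_url(url: str) -> bool:
    """Convenience predicate: True if the URL maps to a path inside the mount."""
    try:
        dbfs_url_to_local_path(url)
        return True
    except UnsafeDbfsUrl:
        return False
```

Symlinks inside the mount are not covered by this lexical check; apply `os.path.realpath` to the returned path at open time and repeat the containment test if the mount may contain links.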

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-29 - Path Traversal: '\..\filename'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

Advisory Timeline

  • Published