chore(deps): update dependency mlflow to v3 [security]#43
Open
anaconda-renovate[bot] wants to merge 1 commit intomainfrom
Open
chore(deps): update dependency mlflow to v3 [security]#43anaconda-renovate[bot] wants to merge 1 commit intomainfrom
anaconda-renovate[bot] wants to merge 1 commit intomainfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
>=2.3.0→>=3.11.1==2.6.0→==3.11.1Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
renovate update details
¹ only available for some managers
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
BIT-mlflow-2023-6014 / CVE-2023-6014 / GHSA-4qq5-mxxx-m6gg
More information
Details
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement.
Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
MLflow allowed arbitrary files to be PUT onto the server
BIT-mlflow-2023-6015 / CVE-2023-6015 / GHSA-f798-qm4r-23r5
More information
Details
MLflow allowed arbitrary files to be PUT onto the server.
Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Remote code execution in mlflow
BIT-mlflow-2024-0520 / CVE-2024-0520 / GHSA-5q6c-ffvg-xcm9 / PYSEC-2024-239
More information
Details
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the
mlflow.data.http_dataset_source.pymodule. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from theContent-Dispositionheader or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Cross-site Scripting (XSS) in MLflow
BIT-mlflow-2023-6568 / CVE-2023-6568 / GHSA-vwhf-3v6x-wff8 / PYSEC-2023-260
More information
Details
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the user without adequate sanitization or escaping, leading to arbitrary JavaScript execution in the context of the victim's browser. The vulnerability is present in the mlflow/server/auth/init.py file, where the user-supplied Content-Type header is directly injected into a Python formatted string and returned to the user, facilitating the XSS attack.
Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Information exposure in MLflow
BIT-mlflow-2023-43472 / CVE-2023-43472 / GHSA-wqxf-447m-6f5f
More information
Details
An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
BIT-mlflow-2024-0520 / CVE-2024-0520 / GHSA-5q6c-ffvg-xcm9 / PYSEC-2024-239
More information
Details
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the
mlflow.data.http_dataset_source.pymodule. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from theContent-Dispositionheader or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
BIT-mlflow-2023-6568 / CVE-2023-6568 / GHSA-vwhf-3v6x-wff8 / PYSEC-2023-260
More information
Details
A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the user without adequate sanitization or escaping, leading to arbitrary JavaScript execution in the context of the victim's browser. The vulnerability is present in the mlflow/server/auth/init.py file, where the user-supplied Content-Type header is directly injected into a Python formatted string and returned to the user, facilitating the XSS attack.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
Path traversal in MLflow
BIT-mlflow-2023-6831 / CVE-2023-6831 / GHSA-554w-xh4j-8w64 / PYSEC-2023-253
More information
Details
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
MLflow Server-Side Request Forgery (SSRF)
BIT-mlflow-2023-6974 / CVE-2023-6974 / GHSA-59v3-898r-qwhj
More information
Details
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abused to get a remote code execution on the victim machine.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
mlflow vulnerable to Path Traversal
BIT-mlflow-2024-1560 / CVE-2024-1560 / GHSA-5mvj-wmgj-7q8c
More information
Details
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the
_delete_artifact_mlflow_artifactshandler andlocal_file_uri_to_pathfunction, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in thedelete_artifactsfunction oflocal_artifact_repo.py, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.Severity
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Remote Code Execution due to Full Controled File Write in mlflow
BIT-mlflow-2023-6018 / CVE-2023-6018 / GHSA-5p3h-7fwh-92rc
More information
Details
The mlflow web server includes tools for tracking experiments, packaging code into reproducible runs, and sharing and deploying models. As this vulnerability allows to write / overwrite any file on the file system, it gives a lot of ways to archive code execution (like overwriting
/home/<user>/.bashrc). A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
MLflow Path Traversal Vulnerability
BIT-mlflow-2023-6909 / CVE-2023-6909 / GHSA-5r3q-93q3-f978 / PYSEC-2023-252
More information
Details
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Jinja2 template injection in mlflow
BIT-mlflow-2023-6709 / CVE-2023-6709 / GHSA-cxfr-5q3r-2rc2 / PYSEC-2023-281
More information
Details
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
mlflow vulnerable to Path Traversal
BIT-mlflow-2024-1593 / CVE-2024-1593 / GHSA-f42m-mvfv-cgw5
More information
Details
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smuggling. Successful exploitation could lead to unauthorized information disclosure or server compromise.
Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
MLFlow Path Traversal Vulnerability
BIT-mlflow-2023-6975 / CVE-2023-6975 / GHSA-hh8p-p8mp-gqhm
More information
Details
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
mlflow Command Injection vulnerability
BIT-mlflow-2023-6940 / CVE-2023-6940 / GHSA-hvc6-42vf-jhf8
More information
Details
with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
mlflow vulnerable to Path Traversal
BIT-mlflow-2024-1594 / CVE-2024-1594 / GHSA-m49c-5c52-6696
More information
Details
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the
artifact_locationparameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component#in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
MLflow Local File Disclosure Vulnerability
BIT-mlflow-2023-6977 / CVE-2023-6977 / GHSA-qg8p-32gr-gh6x
More information
Details
This vulnerability enables malicious users to read sensitive files on the server.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Path traversal in MLflow
BIT-mlflow-2023-6753 / CVE-2023-6753 / GHSA-v945-r3rc-6fjm / PYSEC-2023-309
More information
Details
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
MLflow Path Traversal Vulnerability
BIT-mlflow-2023-6976 / CVE-2023-6976 / GHSA-wv8q-4f85-2p8p
More information
Details
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.
Severity
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
BIT-mlflow-2023-6909 / CVE-2023-6909 / GHSA-5r3q-93q3-f978 / PYSEC-2023-252
More information
Details
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
BIT-mlflow-2023-6831 / CVE-2023-6831 / GHSA-554w-xh4j-8w64 / PYSEC-2023-253
More information
Details
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
BIT-mlflow-2023-6709 / CVE-2023-6709 / GHSA-cxfr-5q3r-2rc2 / PYSEC-2023-281
More information
Details
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
BIT-mlflow-2023-6753 / CVE-2023-6753 / GHSA-v945-r3rc-6fjm / PYSEC-2023-309
More information
Details
Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
BIT-mlflow-2024-27133 / CVE-2024-27133 / GHSA-3v79-q7ph-j75h / PYSEC-2024-241
More information
Details
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Cross-site Scripting in MLFlow
BIT-mlflow-2024-27132 / CVE-2024-27132 / GHSA-6749-m5cp-6cg7 / PYSEC-2024-240
More information
Details
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.
The vulnerability stems from lack of sanitization over template variables.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
mlflow vulnerable to Path Traversal
BIT-mlflow-2024-3573 / CVE-2024-3573 / GHSA-hq88-wg7q-gp4g / PYSEC-2024-243
More information
Details
mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.
Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
BIT-mlflow-2024-27132 / CVE-2024-27132 / GHSA-6749-m5cp-6cg7 / PYSEC-2024-240
More information
Details
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.
The vulnerability stems from lack of sanitization over template variables.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
BIT-mlflow-2024-27133 / CVE-2024-27133 / GHSA-3v79-q7ph-j75h / PYSEC-2024-241
More information
Details
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
BIT-mlflow-2024-3573 / CVE-2024-3573 / GHSA-hq88-wg7q-gp4g / PYSEC-2024-243
More information
Details
mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:NReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
MLflow allows low privilege users to delete any artifact
BIT-mlflow-2024-4263 / CVE-2024-4263 / GHSA-p4jx-q62p-x5jr / PYSEC-2024-51
More information
Details
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.
Severity
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
BIT-mlflow-2024-4263 / CVE-2024-4263 / GHSA-p4jx-q62p-x5jr / PYSEC-2024-51
More information
Details
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.
Severity
Unknown
References
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
Undefined Behavior in mlflow
BIT-mlflow-2024-3099 / CVE-2024-3099 / GHSA-8f8q-q2j7-7j2m
More information
Details
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Local File Inclusion in mlflow
BIT-mlflow-2024-2928 / CVE-2024-2928 / GHSA-j46q-5pxx-8vmw / PYSEC-2024-242
More information
Details
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
BIT-mlflow-2024-2928 / CVE-2024-2928 / GHSA-j46q-5pxx-8vmw / PYSEC-2024-242
More information
Details
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
mlflow Path Traversal vulnerability
BIT-mlflow-2024-1483 / CVE-2024-1483 / GHSA-f82r-jj5r-6g97
More information
Details
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers.
Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
mlflow vulnerable to Path Traversal
BIT-mlflow-2024-1558 / CVE-2024-1558 / GHSA-j62r-wxqq-f3gf
More information
Details
A path traversal vulnerability exists in the
_create_model_version()function withinserver/handlers.pyof the mlflow/mlflow repository, due to improper validation of thesourceparameter. Attackers can exploit this vulnerability by crafting asourceparameter that bypasses the_validate_non_local_source_contains_relative_paths(source)function's checks, allowing for arbitrary file read access on the server. The issue arises from the handling of unquoted URL characters and the subsequent misuse of the originalsourcevalue for model version creation, leading to the exposure of sensitive files when interacting with the/model-versions/get-artifacthandler.Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
BIT-mlflow-2024