BIT-mlflow-2023-2780
Path Traversal vulnerability in mlflow (PyPI)
What is BIT-mlflow-2023-2780 About?
MLflow versions prior to 2.3.0 are vulnerable to path traversal; the issue is a bypass of the fix for a previous path traversal flaw (CVE-2023-1177). It allows attackers to access arbitrary files and directories outside the intended scope. The vulnerability is triggered by crafted input that manipulates file paths, potentially leading to information disclosure or remote code execution.
Affected Software
- mlflow
- <fae77a525dd908c56d6204a4cef1c1c75b4e9857
- <2.3.1
- <2.3.0
Technical Details
This vulnerability in MLflow (prior to 2.3.0) is a path traversal defect, indicating that the fix for a previous, similar issue (CVE-2023-1177) was incomplete or ineffective. The mechanism involves an attacker supplying specially crafted input, typically a file path containing sequences such as ../ (dot-dot-slash), which the application then uses in file system operations. Because this input is insufficiently sanitized or validated, the application treats the malicious path component as a legitimate instruction to traverse outside the intended directory. This allows the attacker to read, write, or possibly execute arbitrary files on the server's file system, beyond the restricted directory scope of MLflow artifacts or logs.
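The defect class described above is easiest to see side by side with its mitigation. The following is an added example, not MLflow's code and not the fix in the referenced commit: it contrasts the weak pattern (join the user path onto a root and check a string prefix) with a hardened resolver that canonicalizes the path and checks containment component-wise. The artifact root `/srv/mlflow/artifacts` is a hypothetical directory and does not need to exist for the checks to run; the example also covers the sibling-directory prefix case, which goes beyond the `../` case named in the advisory.

```python
import os

# Hypothetical artifact root for the example; MLflow's real artifact layout
# is not assumed here. It does not need to exist: realpath() and normpath()
# resolve lexically when the path is absent.
ARTIFACT_ROOT = "/srv/mlflow/artifacts"


def naive_resolve(artifact_root: str, user_path: str) -> str:
    """The weak pattern: join the user path onto the root, then check a
    string prefix.

    os.path.join() keeps '..' components verbatim, so the joined string
    still starts with the root even when the path climbs out of it. The
    check also mistakes a sibling such as '/srv/mlflow/artifacts2' for a
    location inside the root, because it compares characters, not path
    components.
    """
    candidate = os.path.join(artifact_root, user_path)
    if not candidate.startswith(artifact_root):
        raise ValueError("path escapes artifact root")
    return candidate


def safe_resolve(artifact_root: str, user_path: str) -> str:
    """Hardened pattern: reject absolute input, canonicalize the joined
    path (collapsing '..' and resolving symlinks), then require that the
    root is a path-component prefix of the result."""
    root = os.path.realpath(artifact_root)
    # A relative path is the only thing expected from a caller; an absolute
    # one would make os.path.join() discard the root entirely.
    if os.path.isabs(user_path):
        raise ValueError("absolute paths are not allowed")
    candidate = os.path.realpath(os.path.join(root, user_path))
    # commonpath() compares components, so '/srv/mlflow/artifacts2/x'
    # shares only '/srv/mlflow' with the root and is rejected.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes artifact root")
    return candidate


def is_contained(artifact_root: str, user_path: str) -> bool:
    """Convenience predicate: True if safe_resolve() accepts the path."""
    try:
        safe_resolve(artifact_root, user_path)
        return True
    except ValueError:
        return False


def where_naive_lands(artifact_root: str, user_path: str) -> str:
    """Show where the naive resolver would actually read from, by
    normalizing the string it accepted (normpath is purely lexical)."""
    return os.path.normpath(naive_resolve(artifact_root, user_path))


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate, two traversal attempts.
    for p in ["run1/model.pkl", "../../../etc/passwd", "../artifacts2/x"]:
        try:
            print(f"naive : {p!r:28} -> {where_naive_lands(ARTIFACT_ROOT, p)}")
        except ValueError as e:
            print(f"naive : {p!r:28} -> rejected ({e})")
        print(f"safe  : {p!r:28} -> {'accepted' if is_contained(ARTIFACT_ROOT, p) else 'rejected'}")
```

The point to take from the two resolvers is that string-prefix checks on an un-normalized path do not constrain where the file system call ends up; the check has to run on the canonical path, and the containment test has to be component-wise.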
What is the Impact of BIT-mlflow-2023-2780?
Successful exploitation may allow attackers to access, read, or potentially write to arbitrary files and directories on the server, leading to information disclosure, data corruption, or remote code execution.
What is the Exploitability of BIT-mlflow-2023-2780?
Exploitation of this path traversal vulnerability typically requires an attacker to submit a specially crafted string containing directory traversal sequences (e.g., ../). The complexity is moderate, requiring knowledge of how MLflow handles file paths and of the specific bypass of the CVE-2023-1177 fix. Authentication requirements depend on whether the vulnerable file operation can be initiated by unauthenticated users; if authentication is needed to, for example, upload or specify artifact paths, then an authenticated attacker is required. No privileges beyond those of a normal user who can reach MLflow's file-handling features are typically needed. This is generally a remote vulnerability if the MLflow server is accessible over a network. The likelihood of exploitation increases if MLflow deployments process untrusted input in file-related operations, which is a significant risk factor.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for BIT-mlflow-2023-2780?
Available Upgrade Options
- mlflow <2.3.1 → Upgrade to 2.3.1
- mlflow <2.3.0 → Upgrade to 2.3.0
- mlflow <fae77a525dd908c56d6204a4cef1c1c75b4e9857 → Upgrade to fae77a525dd908c56d6204a4cef1c1c75b4e9857
Additional Resources
- https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-69.yaml
- https://nvd.nist.gov/vuln/detail/CVE-2023-2780
- https://github.com/mlflow/mlflow
- https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857
- https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689
- https://osv.dev/vulnerability/PYSEC-2023-69
What are Similar Vulnerabilities to BIT-mlflow-2023-2780?
Similar Vulnerabilities: CVE-2023-1177, CVE-2023-30691, CVE-2023-28432, CVE-2023-35804, CVE-2023-39203
