BIT-mlflow-2023-3765
Absolute Path Traversal vulnerability in mlflow (PyPI)

Absolute Path Traversal No known exploit

What is BIT-mlflow-2023-3765 About?

This vulnerability in MLflow prior to version 2.5.0 allows for an absolute path traversal. An attacker can leverage this flaw to access or manipulate files outside of the intended directory. The ease of exploitation depends on the specific context of how paths are handled within MLflow.

Affected Software

  • mlflow
    • <6dde93758d42455cb90ef324407919ed67668b9b
    • <2.5.0

Technical Details

The vulnerability is an Absolute Path Traversal in the GitHub repository mlflow/mlflow prior to version 2.5.0. This refers to a flaw where an attacker can specify an absolute path to a file or directory, bypassing any controls meant to restrict file access to a specific sub-directory. While the exact mechanism is not detailed in the description, typical absolute path traversal vulnerabilities occur when user-supplied input is directly used in file system operations without proper sanitization or validation to ensure the path remains within an allowed directory. This could involve an attacker providing a full system path (e.g., /etc/passwd or C:\Windows\system32\calc.exe) to a function that was expecting a relative path or a filename within a confined root.
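The general pattern described above, as an added Python example that is not taken from MLflow's code base (the advisory does not detail the exact mechanism). The function names `naive_resolve`, `safe_resolve` and `audit` are hypothetical, and the sample inputs are constructed. It shows why joining a root with an absolute path discards the root, next to a check that keeps the resolved path inside it.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample inputs; the two absolute paths are the ones quoted above.
SAMPLE_INPUTS = ["models/a.pkl", "/etc/passwd",
                 "C:\\Windows\\system32\\calc.exe", "../outside.txt"]


def naive_resolve(root: str, user_path: str) -> str:
    # Flawed pattern: os.path.join discards `root` when user_path is absolute.
    return os.path.join(root, user_path)


def safe_resolve(root: str, user_path: str) -> Path:
    """Return a path inside `root`, or raise ValueError."""
    # Reject POSIX, drive-letter and UNC absolute forms regardless of host OS.
    # Deliberately strict: a relative name such as "a:b" is refused as well.
    if (os.path.isabs(user_path) or user_path.startswith(("/", "\\"))
            or user_path[1:2] == ":"):
        raise ValueError(f"absolute path rejected: {user_path!r}")
    root_real = Path(root).resolve()
    # resolve() collapses ".." and follows symlinks, so containment is checked
    # against the location that would actually be opened.
    candidate = (root_real / user_path).resolve()
    try:
        candidate.relative_to(root_real)
    except ValueError:
        raise ValueError(f"path escapes root: {user_path!r}") from None
    return candidate


def audit(root: str, inputs) -> dict:
    """Map each input to 'allowed' or the rejection reason."""
    results = {}
    for p in inputs:
        try:
            safe_resolve(root, p)
            results[p] = "allowed"
        except ValueError as exc:
            results[p] = str(exc)
    return results


if __name__ == "__main__":
    root = tempfile.mkdtemp(prefix="artifacts-")
    print("naive:", naive_resolve(root, "/etc/passwd"))
    for path, verdict in audit(root, SAMPLE_INPUTS).items():
        print(f"{path!r}: {verdict}")
```
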

What is the Impact of BIT-mlflow-2023-3765?

Successful exploitation may allow attackers to read, write, or execute arbitrary files on the system, leading to information disclosure, data corruption, or full system compromise.

What is the Exploitability of BIT-mlflow-2023-3765?

Exploitation complexity for an absolute path traversal vulnerability can vary from low to medium, depending on the specific input vector and the context within MLflow. Attackers would need to identify a feature that allows specifying file paths, either directly or indirectly, through user-controlled input. Authentication requirements are not specified but would likely depend on whether the vulnerable functionality is accessible pre- or post-authentication. Privilege requirements would correlate with the privileges of the MLflow application itself. This could be a remote or local vulnerability based on the accessibility of the affected component. The risk factors that increase exploitation likelihood include applications that accept user-provided file paths or file names without stringent validation and sanitization.

What are the Known Public Exploits?

PoC Author Link Commentary
No known exploits

What are the Available Fixes for BIT-mlflow-2023-3765?

Available Upgrade Options

  • mlflow
    • <6dde93758d42455cb90ef324407919ed67668b9b → Upgrade to 6dde93758d42455cb90ef324407919ed67668b9b
  • mlflow
    • <2.5.0 → Upgrade to 2.5.0

Additional Resources

What are Similar Vulnerabilities to BIT-mlflow-2023-3765?

Similar Vulnerabilities: CVE-2023-29159, CVE-2023-41040, CVE-2022-31045, CVE-2020-13936, CVE-2021-39293