BIT-mlflow-2023-6018
Arbitrary File Write vulnerability in mlflow (PyPI)
What is BIT-mlflow-2023-6018 About?
This vulnerability in the MLflow web server allows for arbitrary file write and overwrite capabilities on the file system. Attackers can leverage this to achieve remote code execution by overwriting critical system files. Exploitation is difficult and requires an understanding of how to plant specific files to gain control, but the impact is severe.
Affected Software
Technical Details
The MLflow web server contains a flaw that enables an authenticated or in some cases unauthenticated attacker to write or overwrite arbitrary files on the underlying filesystem. The core mechanism involves a bug in how file paths or content are handled during certain operations within the MLflow server, potentially in features related to experiment tracking or model deployment, allowing an attacker to bypass directory restrictions or input validations. By exploiting this, an adversary can plant malicious files, modify configuration files (e.g., ~/.bashrc), or inject malicious code into existing scripts. This capability can then be leveraged to achieve full Remote Code Execution (RCE) on the server, granting access to sensitive data and models.
What is the Impact of BIT-mlflow-2023-6018?
Successful exploitation may allow attackers to write and overwrite arbitrary files on the system, leading to remote code execution, data compromise, full system control, and potential access to sensitive data and models.
What is the Exploitability of BIT-mlflow-2023-6018?
Exploitation of this arbitrary file write vulnerability is complex. It requires a detailed understanding of the MLflow web server's internal mechanisms and file handling processes to identify a writable path or overwrite a specific, impactful file (e.g., a startup script or configuration file). Authentication requirements might vary depending on the specific flawed endpoint, but often an authenticated session is needed. Privilege requirements depend on the context of the MLflow server process. This is primarily a remote exploitation scenario, requiring network access to the MLflow web server. Special conditions include identifying targets for file overwrites that lead to code execution (e.g., a cron job, a user's .bashrc, or a web server configuration that allows script execution). The risk factors are significantly increased if the MLflow instance is publicly accessible or handles untrusted inputs related to file operations.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for BIT-mlflow-2023-6018?
Available Upgrade Options
- mlflow
- <2.9.2 → Upgrade to 2.9.2
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2023-6018
- https://huntr.com/bounties/7cf918b5-43f4-48c0-a371-4d963ce69b30
- https://github.com/mlflow/mlflow/commit/55c72d02380e8db8118595a4fdae7879cb7ac5bd
- https://osv.dev/vulnerability/GHSA-5p3h-7fwh-92rc
- https://github.com/mlflow/mlflow
- https://huntr.com/bounties/7cf918b5-43f4-48c0-a371-4d963ce69b30
What are Similar Vulnerabilities to BIT-mlflow-2023-6018?
Similar Vulnerabilities: CVE-2022-26134 , CVE-2021-41773 , CVE-2020-14816 , CVE-2019-13067 , CVE-2018-18890
