BIT-mlflow-2023-6977
Remote Code Execution vulnerability in mlflow (PyPI)

Remote Code Execution High confidence exploit

What is BIT-mlflow-2023-6977 About?

Apache ActiveMQ is vulnerable to Remote Code Execution (RCE) via manipulation of serialized class types in the OpenWire protocol. This allows a remote attacker with network access to a broker to run arbitrary shell commands. Exploitation relies on specific network access and knowledge of the protocol's serialization mechanisms.

Affected Software

mlflow <2.9.2

Technical Details

The vulnerability in Apache ActiveMQ allows for Remote Code Execution (RCE) through a deserialization flaw in the OpenWire protocol. A remote attacker with network access to the ActiveMQ broker can send a specially crafted OpenWire message. This message contains manipulated serialized class types. Due to improper validation during deserialization, the broker attempts to instantiate arbitrary classes that exist on its classpath. By pointing to a gadget chain or a malicious class, the attacker can force the broker to execute arbitrary shell commands, achieving full RCE on the underlying system.

What is the Impact of BIT-mlflow-2023-6977?

Successful exploitation may allow attackers to execute arbitrary commands, take full control of the affected system, or deploy malware.

What is the Exploitability of BIT-mlflow-2023-6977?

Exploitation requires direct network access to the ActiveMQ broker and involves crafting specific OpenWire protocol messages. The complexity is moderate to high, as it requires knowledge of Java deserialization vulnerabilities and potential gadget chains. No authentication is typically required for this specific attack vector as it targets the message deserialization process itself. Local access is not needed; it is inherently a remote exploitation scenario. The risk is significantly increased when ActiveMQ brokers are exposed directly to untrusted networks or the internet.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for BIT-mlflow-2023-6977?

Available Upgrade Options

  • mlflow
    • <2.9.2 → Upgrade to 2.9.2

What are Similar Vulnerabilities to BIT-mlflow-2023-6977?

Similar Vulnerabilities: CVE-2023-46604, CVE-2023-50164, CVE-2023-38035, CVE-2023-36830, CVE-2023-35805