BIT-mlflow-2024-27132
XSS vulnerability in mlflow (PyPI)
What is BIT-mlflow-2024-27132 About?
This vulnerability in MLflow is due to insufficient sanitization of template variables, leading to Cross-Site Scripting (XSS) when running untrusted recipes. Successful exploitation can result in client-side Remote Code Execution (RCE) within Jupyter Notebook environments. The ease of exploitation is high given the direct connection between unsanitized templates and code execution.
Affected Software
Technical Details
The vulnerability stems from MLflow's failure to adequately sanitize template variables when processing and executing untrusted recipes. An attacker can embed malicious client-side script code directly within these template variables. When an unsuspecting user runs an untrusted recipe in an environment like Jupyter Notebook, the unsanitized template variables are rendered, causing the embedded malicious script to execute in the user's browser context. This client-side execution can escalate to Remote Code Execution (RCE) by leveraging the capabilities of the Jupyter Notebook environment, allowing an attacker to execute arbitrary commands on the victim's machine.
What is the Impact of BIT-mlflow-2024-27132?
Successful exploitation may allow attackers to execute arbitrary scripts in the victim's browser context, leading to session hijacking, data exfiltration, defacement, or redirection to malicious websites. In certain environments, this could escalate to client-side remote code execution.
What is the Exploitability of BIT-mlflow-2024-27132?
Exploitation complexity is moderate, requiring an attacker to be able to supply or influence the content of an 'untrusted recipe' processed by MLflow. This typically means the attacker needs to have some level of access or influence over artifacts that users might execute. No specific authentication or high privileges are inherently required for the XSS itself, though injecting the untrusted recipe might require some form of access. This is a remote vulnerability, as the malicious recipe can be delivered to and executed by a victim. Special conditions include the victim running an untrusted recipe within a Jupyter Notebook or a similar client-side execution environment. Risk factors increase if MLflow deployments commonly ingest and execute recipes from potentially untrusted sources or if collaboration environments allow users to share and run recipes without strict vetting.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for BIT-mlflow-2024-27132?
Available Upgrade Options
- mlflow
- <2.10.0 → Upgrade to 2.10.0
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/
- https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-240.yaml
- https://github.com/mlflow/mlflow/pull/10873
- https://github.com/mlflow/mlflow
- https://osv.dev/vulnerability/GHSA-6749-m5cp-6cg7
- https://github.com/mlflow/mlflow/pull/10873
- https://github.com/mlflow/mlflow/pull/10873
- https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/
- https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930
- https://osv.dev/vulnerability/PYSEC-2024-240
What are Similar Vulnerabilities to BIT-mlflow-2024-27132?
Similar Vulnerabilities: CVE-2023-38035 , CVE-2022-23588 , CVE-2021-36202 , CVE-2020-11022 , CVE-2019-11358
