BIT-mlflow-2024-27133
Cross-Site Scripting (XSS) vulnerability in mlflow (PyPI)
What is BIT-mlflow-2024-27133 About?
This vulnerability in MLflow leads to Cross-Site Scripting (XSS) due to insufficient sanitization of untrusted dataset fields when running a recipe. Successful exploitation can result in client-side Remote Code Execution (RCE) specifically within a Jupyter Notebook environment. The ease of exploitation is moderate, requiring interaction with crafted dataset fields.
Affected Software
Technical Details
The MLflow platform exhibits an XSS vulnerability due to inadequate sanitization of dataset table fields, which are then rendered without proper encoding in contexts like Jupyter Notebooks. An attacker can craft an untrusted dataset containing malicious scripts within its field values. When a user runs an MLflow recipe that uses this untrusted dataset in a Jupyter Notebook, the malicious script embedded in the dataset fields will be rendered and executed in the user's browser. Given that Jupyter Notebooks often run with elevated permissions in a development environment, this client-side XSS can lead to Remote Code Execution (RCE) on the user's machine, as the script can access and manipulate the Jupyter kernel.
What is the Impact of BIT-mlflow-2024-27133?
Successful exploitation may allow attackers to execute arbitrary scripts in the victim's browser context, leading to session hijacking, data theft, phishing, or, in specific environments like Jupyter Notebooks, client-side remote code execution.
What is the Exploitability of BIT-mlflow-2024-27133?
Exploitation of this XSS vulnerability is of moderate complexity. It requires an attacker to introduce an untrusted dataset with malicious content (e.g., JavaScript) into an MLflow environment. A prerequisite for client-side RCE is that a victim must then run an MLflow recipe that utilizes this untrusted dataset within a Jupyter Notebook. There are no explicit authentication or privilege requirements for the script execution itself, but influencing dataset content or convincing a user to run a recipe with it would typically require some level of access or social engineering. This is a client-side attack, potentially triggered remotely if the untrusted dataset is publicly accessible. Risk factors increase in collaborative environments where users might share or use datasets from unknown sources within Jupyter Notebooks.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for BIT-mlflow-2024-27133?
Available Upgrade Options
- mlflow
- <2.10.0 → Upgrade to 2.10.0
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://github.com/mlflow/mlflow/commit/cfa71879a884cc3520e23ccab998c9aa78fdf2b1
- https://github.com/mlflow/mlflow/pull/10893
- https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/
- https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-241.yaml
- https://github.com/mlflow/mlflow/pull/10893
- https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932
- https://github.com/mlflow/mlflow
- https://osv.dev/vulnerability/GHSA-3v79-q7ph-j75h
- https://github.com/mlflow/mlflow/commit/c43823750bffa5b6abcc086683b15a068513b67b
- https://nvd.nist.gov/vuln/detail/CVE-2024-27133
What are Similar Vulnerabilities to BIT-mlflow-2024-27133?
Similar Vulnerabilities: CVE-2023-50005 , CVE-2023-45585 , CVE-2023-38556 , CVE-2022-37452 , CVE-2022-27666
