CVE-2023-1176
File Existence Check vulnerability in mlflow (PyPI)
What is CVE-2023-1176 About?
This vulnerability in MLflow versions older than 2.2.1, when using `mlflow server` or `mlflow ui` with the Model Registry, allows a remote file existence check exploit. An attacker can check for the existence of arbitrary files on the host server. This can lead to information disclosure if the server is not properly secured, and is relatively easy to exploit with controlled queries.
Affected Software
- mlflow
- <63ef72aa4334a6473ce7f889573c92fcae0b3c0d
- <2.2.2
- <2.2.1
Technical Details
The vulnerability impacts MLflow Open Source Project users running mlflow server or mlflow ui commands with an MLflow Model Registry older than version 2.2.1. The flaw allows an actor to query the server in a way that, without proper authorization or network restrictions, can elicit responses indicating the existence or non-existence of arbitrary files on the host server's file system, including files in remote locations accessible by the server. This is a file existence check exploit, likely stemming from improper validation of file paths or resource identifiers in API calls, allowing an attacker to construct queries that reference paths outside the intended MLflow artifact stores.
What is the Impact of CVE-2023-1176?
Successful exploitation may allow attackers to disclose sensitive information about the server's file system, including configuration files, private keys, or other confidential data.
What is the Exploitability of CVE-2023-1176?
Exploitation requires an attacker to send specific queries to an MLflow server configured with Model Registry running a vulnerable version. The complexity is low to moderate, depending on the specific API endpoint and parameters involved. Authentication requirements depend on whether the mlflow server or mlflow ui instance is publicly accessible or behind an authentication mechanism; if not authenticated, the exploit is straightforward. This is a remote vulnerability. Key risk factors include public exposure of the MLflow server without network restrictions (e.g., VPC, IP allowlist) and without robust authentication/authorization middleware, as well as the server having overly broad file system or cloud storage access permissions.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2023-1176?
Available Upgrade Options
- mlflow
- <2.2.2 → Upgrade to 2.2.2
- mlflow
- <2.2.1 → Upgrade to 2.2.1
- mlflow
- <63ef72aa4334a6473ce7f889573c92fcae0b3c0d → Upgrade to 63ef72aa4334a6473ce7f889573c92fcae0b3c0d
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d
- https://huntr.dev/bounties/ae92f814-6a08-435c-8445-eec0ef4f1085
- https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d
- https://github.com/mlflow/mlflow/security/advisories/GHSA-wp72-7hj9-5265
- https://github.com/mlflow/mlflow
- https://huntr.dev/bounties/ae92f814-6a08-435c-8445-eec0ef4f1085
- https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-28.yaml
- https://osv.dev/vulnerability/PYSEC-2023-28
- https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d
- https://nvd.nist.gov/vuln/detail/CVE-2023-1176
What are Similar Vulnerabilities to CVE-2023-1176?
Similar Vulnerabilities: CVE-2021-29447 , CVE-2020-13936 , CVE-2022-22956 , CVE-2023-28432 , CVE-2022-36946
