CVE-2023-6015
Absolute Path Traversal vulnerability in mlflow (PyPI)
What is CVE-2023-6015 About?
This vulnerability is an Absolute Path Traversal attack within the Ansible automation platform, allowing an attacker to craft a malicious Ansible role. Executing this role enables the attacker to use a symlink to overwrite files outside the intended extraction path. Exploitation requires user interaction to execute the malicious role.
Affected Software
Technical Details
The vulnerability stems from improper handling of absolute paths during the extraction of Ansible roles. An attacker crafts a malicious Ansible role containing a symbolic link (symlink) that points to an absolute path outside the designated role extraction directory. When a victim executes this malicious role, the Ansible platform, without adequately validating the symlink's target, resolves the absolute path and writes or overwrites a file at that arbitrary location on the file system. This bypasses the intended directory restrictions, allowing the attacker to manipulate sensitive files on the system.
What is the Impact of CVE-2023-6015?
Successful exploitation may allow attackers to overwrite arbitrary files on the system, potentially leading to privilege escalation, arbitrary code execution, or system compromise.
What is the Exploitability of CVE-2023-6015?
Exploitation requires user interaction, as the victim must choose to execute the crafted malicious Ansible role. The attacker needs to distribute this role to target users. No prior authentication is required to create the malicious role, but the victim must have privileges to execute Ansible roles which would typically grant some level of system access. This is primarily a local vulnerability once the malicious role is on the target system, though distribution can be remote. The complexity lies in social engineering or delivering the malicious role. The risk is significantly higher in environments where users frequently import and execute untrusted Ansible content.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2023-6015?
Available Upgrade Options
- mlflow
- <2.8.1 → Upgrade to 2.8.1
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://osv.dev/vulnerability/GHSA-f798-qm4r-23r5
- https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3
- https://nvd.nist.gov/vuln/detail/CVE-2023-6015
- https://github.com/mlflow/mlflow/commit/cf83dad4df26dd4a850622fe8a51ccab1471a5e7
- https://github.com/mlflow/mlflow
- https://github.com/mlflow/mlflow/pull/10330
- https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3
What are Similar Vulnerabilities to CVE-2023-6015?
Similar Vulnerabilities: CVE-2023-6831 , CVE-2023-38035 , CVE-2023-36845 , CVE-2022-29007 , CVE-2022-26993
