mlflow@1.7.1 vulnerabilities

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper validation of the source parameter within the _create_model_version function. An attacker can gain arbitrary file read access on the server by crafting a source parameter that bypasses the _validate_non_local_source_contains_relative_paths(source) function's checks. This issue stems from the handling of unquoted URL characters and the misuse of the original source value for model version creation, leading to the exposure of sensitive files when interacting with the /model-versions/get-artifact handler.

Upgrade mlflow to version 2.12.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper sanitization of user-supplied paths in the artifact deletion functionality. An attacker can delete arbitrary directories on the server's filesystem by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function. This vulnerability arises from an additional unquote operation in the delete_artifacts function of local_artifact_repo.py, which fails to adequately prevent path traversal sequences.

There is no fixed version for mlflow.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to insufficient validation of user-supplied input in the server's handlers. An attacker can access arbitrary files on the server by crafting a series of HTTP POST requests with specially crafted artifact_location and source parameters, using a local URI with the # component.

Note:

This vulnerability is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.

Upgrade mlflow to version 2.11.3 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper handling of URL parameters. By smuggling path traversal sequences using the ; character in URLs, attackers can manipulate the params portion of the URL to gain unauthorized access to files or directories.

Upgrade mlflow to version 2.11.3 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to the handling of the artifact_location parameter when creating an experiment. An attacker can read arbitrary files on the server in the context of the server's process by using a fragment component # in the artifact location URI.

Note:

This vulnerability is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.

Upgrade mlflow to version 2.12.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the is_local_uri function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.

Upgrade mlflow to version 2.10.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in some dataframe fields. An attacker can execute code by convincing a user to run a recipe in a Jupyter Notebook with a malicious dataset.

Upgrade mlflow to version 2.10.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the __init__.py file. An attacker can inject malicious templates leading to a Remote Code Execution.

Upgrade mlflow to version 2.10.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Improper Access Control via a specially crafted path input that exploits improper neutralization of special elements through the FTP model. An attacker can gain unauthorized read or write access to files on the server by submitting a path with directory traversal sequences.

Upgrade mlflow to version 2.9.2 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Directory Traversal allowing arbitrary file writes on the server, by including a # in pathname to bypass the validate_path_is_safe() check.

Upgrade mlflow to version 2.9.2 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Arbitrary File Read due to a bypass of the fix for CVE-2023-2780. This allows attackers to trick the is_local_uri() function into downloading arbitrary files unrelated to MLflow from the host server, including any files stored in remote locations to which the host server has access.

Upgrade mlflow to version 2.10.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) by exploiting the redirect behavior of the default HTTP protocol inside an http or runs: wrapper. An attacker can access internal resources and achieve arbitrary file writes by triggering the _download_file() function in HttpArtifactRepository.

Upgrade mlflow to version 2.9.2 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Command Injection because of an invalid fix for CVE-2023-6709. Attackers can gain full command execution on the victim system, with only one user interaction.

Upgrade mlflow to version 2.9.2 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Directory Traversal when processing of a specially crafted file path that includes directory traversal sequences (..\). An attacker can read files outside of the restricted directory by submitting a crafted file path that exploits inadequate path sanitization.

Upgrade mlflow to version 2.9.2 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Directory Traversal when passing crafted input to the file handling mechanism. It is possible to bypass the validate_path_is_safe function check by URL encoding (%2E%2E).

Note:

An attacker can remove any file on the victim server (depending on user's rights) by exploiting this vulnerability.

Upgrade mlflow to version 2.9.2 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal by loading datasets on Windows. Exploiting this vulnerability is possible when the filename is controlled by the path of the URL on Windows then, it is possible to write files outside of the current working directory using backslash '' instead of front slash '/' as posixpath.basename does not work with Windows paths.

Upgrade mlflow to version 2.9.2 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine. An attacker can execute arbitrary code or commands by injecting malicious input into the template system.

Note:

In order for this vulnerability to be exploited, the user must load a recipe configuration that he found on the internet.

Upgrade mlflow to version 2.9.2 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An attacker can inject code into the Content-Type header of a POST request, which is then reflected back to the user without proper sanitization or escaping. This can lead to compromising user sessions, stealing sensitive information, or performing other malicious actions on the user's behalf.

Upgrade mlflow to version 2.9.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to OS Command Injection through a /ajax-api/2.0/mlflow/model-versions/create request. A malicious user could use this issue to get command execution on the vulnerable machine and get access to data and models information.

Upgrade mlflow to version 2.9.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings due to incomplete fix for CVE-2023-1177. A bypass for in both mlflow server and mlflow ui was discovered to go around MLFlow's implementation of basic authentication.

Upgrade mlflow to version 2.8.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory due to checks bypass in handlers.py. An attacker can break out of the root directory on Windows, being able to read or write sensitive data from the host (which can include the SSH key).

Note:

This issue is only exploitable on Windows OS.

Upgrade mlflow to version 2.8.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Command Injection due to not properly escaping the arguments used by the predict() method in the backend.py file.

Upgrade mlflow to version 2.6.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Directory Traversal via the function _validate_non_local_source_contains_relative_paths due to improper validation of the 'source' parameter.

Upgrade mlflow to version 2.4.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Arbitrary File Read due to a bypass of the fix for CVE-2023-1177. This allows attackers to download arbitrary files unrelated to MLflow from the host server, including any files stored in remote locations to which the host server has access.

Upgrade mlflow to version 2.3.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Directory Traversal due to improper validation of the path parameter in handlers.py.

Upgrade mlflow to version 2.0.0rc0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Relative Path Traversal due to allowing the ability to provide relative paths in registered model sources.

Note:

This issue only affects users and integrations that run the mlflow server and mlflow ui commands. Integrations that do not make use of mlflow server or mlflow ui are unaffected; for example, the Databricks Managed MLflow product and MLflow on Azure Machine Learning do not make use of these commands and are not impacted by these vulnerabilities in any way.

Upgrade mlflow to version 2.3.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Access Restriction Bypass. Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands may be vulnerable to a remote file access exploit if they are not limiting who can query their server (for example, by using a cloud VPC, an IP allowlist for inbound requests, or authentication / authorization middleware).

This issue only affects users and integrations that run the mlflow server and mlflow ui commands. Integrations that do not make use of mlflow server or mlflow ui are unaffected; for example, the Databricks Managed MLflow product and MLflow on Azure Machine Learning do not make use of these commands and are not impacted by these vulnerabilities in any way. The vulnerability is very similar to CVE-2023-1177

Upgrade mlflow to version 2.3.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Relative Path Traversal such that by creating a model version through the REST API endpoint api/2.0/mlflow/registered-models/create and specifying a relative path redirection to the source argument, local server files can be accessed on the tracking server when a subsequent REST API v1.1 call is made to model-versions/get-artifact.

Upgrade mlflow to version 2.3.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Access Restriction Bypass via the mlflow server and mlflow ui CLIs.

Upgrade mlflow to version 2.2.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Improper Access Control which enables malicious actors to download arbitrary files unrelated to MLflow from the host server, including any files stored in remote locations to which the host server has access. This issue only affects users and integrations that run the mlflow-server and mlflow-ui commands.

Upgrade mlflow to version 2.2.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Insecure Temporary File which is using the deprecated function tempfile.mktemp() that is not secure because a different process may create a file with this name in the time between the call to mktemp() and the attempt to create the file.

Upgrade mlflow to version 1.23.1 or higher.