mlflow@2.9.2 vulnerabilities

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper validation of the source parameter within the _create_model_version function. An attacker can gain arbitrary file read access on the server by crafting a source parameter that bypasses the _validate_non_local_source_contains_relative_paths(source) function's checks. This issue stems from the handling of unquoted URL characters and the misuse of the original source value for model version creation, leading to the exposure of sensitive files when interacting with the /model-versions/get-artifact handler.

Upgrade mlflow to version 2.12.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper sanitization of user-supplied paths in the artifact deletion functionality. An attacker can delete arbitrary directories on the server's filesystem by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function. This vulnerability arises from an additional unquote operation in the delete_artifacts function of local_artifact_repo.py, which fails to adequately prevent path traversal sequences.

There is no fixed version for mlflow.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to insufficient validation of user-supplied input in the server's handlers. An attacker can access arbitrary files on the server by crafting a series of HTTP POST requests with specially crafted artifact_location and source parameters, using a local URI with the # component.

Note:

This vulnerability is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.

Upgrade mlflow to version 2.11.3 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper handling of URL parameters. By smuggling path traversal sequences using the ; character in URLs, attackers can manipulate the params portion of the URL to gain unauthorized access to files or directories.

Upgrade mlflow to version 2.11.3 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to the handling of the artifact_location parameter when creating an experiment. An attacker can read arbitrary files on the server in the context of the server's process by using a fragment component # in the artifact location URI.

Note:

This vulnerability is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.

Upgrade mlflow to version 2.12.1 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Path Traversal due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the is_local_uri function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.

Upgrade mlflow to version 2.10.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in some dataframe fields. An attacker can execute code by convincing a user to run a recipe in a Jupyter Notebook with a malicious dataset.

Upgrade mlflow to version 2.10.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the __init__.py file. An attacker can inject malicious templates leading to a Remote Code Execution.

Upgrade mlflow to version 2.10.0 or higher.

mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.

Affected versions of this package are vulnerable to Arbitrary File Read due to a bypass of the fix for CVE-2023-2780. This allows attackers to trick the is_local_uri() function into downloading arbitrary files unrelated to MLflow from the host server, including any files stored in remote locations to which the host server has access.

Upgrade mlflow to version 2.10.0 or higher.