Mlflow
CVE-2024-3573
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Lifecycle Timeline
1Blast Radius
ecosystem impact- 3 pypi packages depend on mlflow (3 direct, 0 indirect)
Ecosystem-wide dependent count for version 2.10.0.
DescriptionNVD
mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.
AnalysisAI
mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-29. mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root. Affected products include: Lfprojects Mlflow.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. Rated high severity (CVSS 7.5), this vulnerabilit
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. Rated critical severity (CVSS 10.0), this vul
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it cou
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. Rated critical s
An attacker can overwrite any file on the server hosting MLflow without any authentication. Rated critical severity (CVS
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. Rated critical severity (CVSS 9.8), th
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. Rated critical severity (CVSS 9.8), th
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. Rated critical se
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. Rated critical severity (CVSS 9.6), t
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of specia
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a malicious
Same weakness CWE-29 – Path Traversal: '\\..\\filename'
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today