GitHub Advisory Database: GHSA-6749-M5CP-6CG7
History: Feb 24, 2024 - 12:30 a.m.

Cross-site Scripting in MLFlow

2024-02-24 00:30:20
CWE-79
GitHub Advisory Database
github.com
Tags: mlflow, xss, vulnerability, untrusted recipe, execution, jupyter notebook, client-side rce, sanitization, template variables

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 5.9
Confidence: High
EPSS: 0
Percentile: 9.0%

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.

The vulnerability stems from lack of sanitization over template variables.
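The root cause described above, unescaped template variables reaching an HTML fragment that a notebook then renders, is shown below as an added illustration. This is not MLflow's code or the advisory's; the card template, the variable names and the string.Template engine are assumptions chosen to keep the example self-contained. It contrasts verbatim substitution with HTML-escaped substitution and includes a check a reviewer can run over rendered output.

```python
"""Added example (not MLflow code): escaping untrusted template variables
before they are rendered as HTML."""
import html
from string import Template

# Constructed stand-in for a recipe's HTML report card. The template text
# and the use of string.Template are assumptions for this illustration.
CARD_TEMPLATE = Template(
    "<div class='card'><h3>$name</h3><p>$summary</p></div>"
)


def render_card_unsafe(name: str, summary: str) -> str:
    """Substitutes recipe-supplied values verbatim.

    This is the CWE-79 pattern: whatever markup the untrusted recipe put in
    a variable lands in the page unchanged.
    """
    return CARD_TEMPLATE.substitute(name=name, summary=summary)


def render_card_safe(name: str, summary: str) -> str:
    """HTML-escapes every untrusted value before substitution.

    html.escape with quote=True neutralises <, >, &, " and ', so the values
    can only ever be displayed as text, never interpreted as markup.
    """
    return CARD_TEMPLATE.substitute(
        name=html.escape(name, quote=True),
        summary=html.escape(summary, quote=True),
    )


def leaks_untrusted_markup(rendered: str, untrusted_values: list[str]) -> bool:
    """Defensive check over rendered output.

    Returns True if any untrusted value that carries HTML-significant
    characters appears verbatim (i.e. unescaped) in the rendered fragment.
    """
    for value in untrusted_values:
        if any(ch in value for ch in "<>&\"'") and value in rendered:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values: one benign, one carrying markup.
    name = "train_step"
    summary = "<script>alert(1)</script>"

    unsafe = render_card_unsafe(name, summary)
    safe = render_card_safe(name, summary)
    print("unsafe leaks markup:", leaks_untrusted_markup(unsafe, [name, summary]))
    print("safe leaks markup:  ", leaks_untrusted_markup(safe, [name, summary]))
    print(safe)
```

The hardened renderer is what should feed any notebook HTML display call; the `leaks_untrusted_markup` check is a cheap regression test to attach to whatever rendering path a project actually uses.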

Affected configurations

Vulners node: lfprojects mlflow, Range: <2.10.0

Vendor / Product / Version / CPE:
lfprojects / mlflow / * / cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
