CVE-2024-1594
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
CVE-2024-1593
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...
CVE-2024-1483
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can...
CVE-2024-27132
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
CVE-2024-27133
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
CVE-2024-37057
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded TensorFlow model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-37053
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...
CVE-2024-0520
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the mlflow.data.http_dataset_source.py module. Specifically, when loading a dataset from a source URL with an HTTP...
BIT-MLFLOW-2024-1483 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can...
BIT-MLFLOW-2024-1560 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function, allowing for...
BIT-MLFLOW-2024-1593 Path Traversal via Parameter Smuggling in mlflow/mlflow
A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...
BIT-MLFLOW-2024-4263 Improper Access Control in mlflow/mlflow
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...
GHSA-Q2X7-8RV6-6Q7H vulnerabilities
Vulnerabilities for packages: py3.11-torchvision-cuda-12.3, py3-torchvision-cuda-11.8, py3.9-torchvision-cuda-12.3, apache-beam-python-3.11-sdk, nemo, py3.9-torchvision-cuda-11.8, emissary, kubeflow-volumes-web-app, ansible-operator, airflow, py3.11-torchaudio-cuda-12.3, mlflow, localstack, kserv...
GHSA-GMJ6-6F8F-6699 vulnerabilities
Vulnerabilities for packages: py3.11-torchvision-cuda-12.3, py3-torchvision-cuda-11.8, py3.9-torchvision-cuda-12.3, apache-beam-python-3.11-sdk, nemo, py3.9-torchvision-cuda-11.8, emissary, kubeflow-volumes-web-app, ansible-operator, airflow, py3.11-torchaudio-cuda-12.3, mlflow, localstack, kserv...
CVE-2024-56201 vulnerabilities
Vulnerabilities for packages: py3.11-torchvision-cuda-12.3, py3-torchvision-cuda-11.8, py3.9-torchvision-cuda-12.3, apache-beam-python-3.11-sdk, nemo, py3.9-torchvision-cuda-11.8, emissary, kubeflow-volumes-web-app, ansible-operator, airflow, py3.11-torchaudio-cuda-12.3, mlflow, localstack, kserv...
Local Privilege Escalation
MLflow is vulnerable to Local Privilege Escalation. The vulnerability is due to excessive directory permissions, allowing a Time-of-Check to Time-of-Use (ToCToU) attack when the spark_udf MLflow API is called...
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22...
BIT-MLFLOW-2024-27134 Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf
Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf MLflow API is called...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +176 more potentially affected by CVE-2024-27134 via mlflow (>=0.8.2 <=2.15.1)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =0.1.0, =0.2.0, =0.2.4 and more Source cves: CVE-2024-27134 Source advisory: OSV:GHSA-QPGC-W4MG-6V92...
GHSA-QPGC-W4MG-6V92 MLflow's excessive directory permissions allow local privilege escalation
Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf MLflow API is called...