MLflow's excessive directory permissions allow local privilege escalation

Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition due to excessive...

autonomize-model-sdk (=1.0.4), autorad (=0.2.6) +37 more potentially affected by CVE-2024-27134 via mlflow (>=2.0.0rc0 <=2.15.1)

mlflow PYPI version =2.0.0rc0, =0.1.3, =1.2.0, =0.8.0, =0.0.10, =1.0.0, =0.0.1, =0.1.0, =1.10.2, =0.1.2, =1.2.7, =0.1.0, =0.1.1, =0.1.5 - justmltools =3.9.3 and more Source cves: CVE-2024-27134 Source advisory: SNYK:PYTHON-MLFLOW-8400874...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +176 more potentially affected by CVE-2024-27134 via mlflow (>=0.8.2 <=2.15.1)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =0.1.0, =0.2.0, =0.2.4 and more Source cves: CVE-2024-27134 Source advisory: OSV:PYSEC-2024-224...

CVE-2024-27134

Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...

CVE-2024-27134

Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...

PYSEC-2024-224

Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...

CVE-2024-27134 Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf

Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...

CVE-2024-27134 Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf

Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...

CVE-2024-27134

CVE-2024-27134 : Multiple connected sources confirm a vulnerability in MLflow’s spark_udf API where excessive directory permissions allow a local attacker to achieve privilege escalation via a ToCToU attack. Affected: MLflow (spark_udf path) with local execution context. Root cause: insufficient ...

PT-2024-21667 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: MLflow affected versions not specified Description: The issue concerns excessive directory permissions in MLflow, which can lead to local privilege escalation when using spark udf. This behavior can be exploited by a local attacker to gain...

MLflow 安全漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A security vulnerability exists in MLflow that stems from excessive directory permissions that can lea...

MLflow < 2.9.2 Path Traversal Vulnerability

Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 Tenable, Inc. include'compat.inc'; if description scriptid210769;...

Exploit for Path Traversal in Lfprojects Mlflow

CVE-2024-2928 Arbitrary file read exploit for CVE-2024-2928 in...

CSRF ON SIGNUP PAGE

CSRF ON CREATING A NEW USER in mlflow/mlflow Reported on Oct 31st 2024 The Signup feature of Mlflow is vulnerable to CSRF attack that allow attacker to create a new account. This may be used to perform unauthorised actions on behalf of the malcious user . Proof of Concept : An attacker can use CS...

BIT-MLFLOW-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command 'Command Injection' within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...

BIT-MLFLOW-2024-2928 Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow

A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...

BIT-MLFLOW-2024-3099

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...

MLflow Registry Enumeration

Binary data mlflowregistryenumeration.nbin...

MLFlow < 2.12.1 File Deletion

A broken access control vulnerability exists in mlflow/mlflow versions before 2.12.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing...