
36 matches found

Nuclei
added yesterday, 15 views

MLflow Job API - Authentication Bypass

MLflow latest version contains an authentication bypass caused by unprotected FastAPI job endpoints under /ajax-api/3.0/jobs/ when basic-auth is enabled, letting unauthenticated network clients submit and manage jobs; exploitation requires job execution to be enabled and allowlisted job functions. id:...

9.8 CVSS, 7.4 AI score, 0.10825 EPSS
Exploits 1, References 3
OSV
added 2026/05/19 12:31 p.m., 4 views

GHSA-67C5-X5MF-RPPQ MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

9.6 CVSS, 6.1 AI score, 0.00036 EPSS
Exploits 1, References 4
Snyk
added 2026/05/19 11:54 a.m., 5 views

Origin Validation Error

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Origin Validation Error in the /ajax-api endpoints. An attacker ca...

9.6 CVSS, 7.6 AI score, 0.00036 EPSS
Exploits 1, References 2
Github Security Blog
added 2026/04/03 6:31 p.m., 9 views

mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true) and any j...

9.8 CVSS, 7.8 AI score, 0.10825 EPSS
Exploits 1, References 3, Affected Software 1
OSV
added 2026/04/03 6:31 p.m., 2 views

GHSA-7QHF-V65M-G5F3 mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true) and any j...

9.1 CVSS, 7.8 AI score, 0.10825 EPSS
Exploits 1, References 3
CNNVD
added 2026/04/03 12:00 a.m., 4 views

MLflow Access Control Error Vulnerability

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible executions, and sharing and deploying models. There is a security vulnerability in MLflow, which stems from the lack of authentication or...

9.8 CVSS, 7.6 AI score, 0.10825 EPSS
Exploits 1, References 2
Huntr
added 2026/02/11 9:16 a.m., 3 views

Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

Description: Analyzed project version: MLflow 3.9.0 (/version), commit 6e61043b0ff5d845bea479d7e7ea24dcd4b2c629. In MLflow 3.9.0, a new feature called MLflow Assistant was introduced, intended only for local development and designed to integrate with Claude Code, accepting requests only from loopback...

9.6 CVSS, 7.9 AI score, 0.00036 EPSS
Exploits 1
EUVD
added 2025/10/03 8:07 p.m., 0 views

EUVD-2022-3195

Malicious code in bioql PyPI...

6.1 CVSS, 6.1 AI score, 0.00509 EPSS
Exploits 0, References 5
OSV
added 2024/03/06 10:58 a.m., 19 views

BIT-DRUPAL-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS, 6.2 AI score, 0.00509 EPSS
Exploits 0, References 2
Packet Storm
added 2024/03/04 12:00 a.m., 247 views

Simple Student Attendance System 1.0 SQL Injection

Exploit Title: Simple Student Attendance System v1.0 - 'class_id' Time Based Blind & Union Based SQL Injection; Date: 26 December 2023; Exploit Author: Gnanaraj Mauviel @0xm3m; Vendor: oretnom23; Vendor Homepage:...

7.4 AI score
Exploits 0
Positive Technologies
added 2024/02/27 12:00 a.m., 3 views

PT-2024-18425 · Sourcecodester · Simple Student Attendance System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Student Attendance System version 1.0. Description: A critical issue was found in the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument ...

9.8 CVSS, 7.1 AI score, 0.0021 EPSS
Exploits 1, References 9
OSV
added 2023/12/10 11:15 p.m., 3 views

CVE-2023-6658

A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to SQL injection. The exploit has been disclosed to the...

9.8 CVSS, 5.7 AI score
Exploits 0, References 3
CNNVD
added 2023/12/10 12:00 a.m., 1 view

SourceCodester Simple Student Attendance System SQL Injection Vulnerability

Simple Student Attendance System is a simple student attendance system. SourceCodester Simple Student Attendance System version 1.0 suffers from a SQL injection vulnerability in the file ajax-api.php...

9.8 CVSS, 7.9 AI score, 0.00051 EPSS
Exploits 0, References 2
Huntr
added 2023/03/27 11:20 a.m., 33 views

Local File Read Bypass in mlflow/mlflow

Description: This is a bypass of the following submission, which was assigned CVE-2023-1177. Proof of Concept: Start the server or UI (it works identically on both): mlflow ui --host 127.0.0.1:5000. 1. Create a Model named "AJAX-API". curl -i -s -k -X $'POST' -H $'Host: 127.0.0.1:5000' -H $'User-Agent:...

7.5 CVSS, 6.9 AI score, 0.93314 EPSS
Exploits 3, References 1
Huntr
added 2023/03/03 10:14 p.m., 40 views

Blind LFI in register-model/get?name=

Description: A blind LFI exists in /ajax-api/2.0/mlflow/registered-models/get?name=. The response from the server differs depending on whether the file exists on the local file system or not. When the arbitrary local file exists, the server responds with 500 INTERNAL SERVER ERROR, and when it doesn'...

1.7 CVSS, 4.7 AI score, 0.00157 EPSS
Exploits 1
OSV
added 2022/05/24 5:49 p.m., 19 views

GHSA-8JJ2-X2GC-GGM7 Drupal Core Cross-site scripting vulnerability

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS, 6.2 AI score, 0.00509 EPSS
Exploits 0, References 5
Github Security Blog
added 2022/05/24 5:49 p.m., 25 views

Drupal Core Cross-site scripting vulnerability

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS, 5.5 AI score, 0.00509 EPSS
Exploits 0, References 5, Affected Software 2
NVD
added 2021/05/05 2:15 p.m., 21 views

CVE-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS, 0.00509 EPSS
Exploits 0, References 1
UbuntuCve
added 2021/05/05 2:15 p.m., 29 views

CVE-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS, 6.3 AI score, 0.00509 EPSS
Exploits 0, References 3
CVE
added 2021/05/05 1:50 p.m., 169 views

CVE-2020-13666

Vulnerability: CVE-2020-13666 – Cross-site scripting in Drupal Core via JSONP in the AJAX API. Affected products (examples): Drupal Core 7.x before 7.73; 8.8.x before 8.8.10; 8.9.x before 8.9.6; 9.0.x before 9.0.6. Root cause: JSONP is not disabled by default in the Drupal AJAX API, enabling XSS ...

6.1 CVSS, 5.9 AI score, 0.00509 EPSS
Exploits 0, References 1, Affected Software 1