4 matches found
Local Privilege Escalation
MLflow is vulnerable to Local Privilege Escalation. The vulnerability is due to excessive directory permissions, allowing a Time-of-Check to Time-of-Use ToCToU attack when the sparkudf MLflow API is called...
PYSEC-2024-224
Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...
CVE-2024-27134 Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf
Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...
CVE-2024-27134 Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf
Excessive directory permissions in MLflow leads to local privilege escalation when using sparkudf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the sparkudf MLflow API is called...