Lucene search

Veracode Vulnerability DatabaseVERACODE:44314

HistoryNov 17, 2023 - 10:07 a.m.

Path Traversal

2023-11-1710:07:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

mlflow

path traversal

windows

vulnerability

sensitive files

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

36.9%

JSON

mlflow is vulnerable to Path Traversal. The vulnerability is caused by a missing validation on Windows file paths starting with driver letter and colon (e:g C:…) which result into relative paths when ultimately evaluated. This can lead to an attacker breaking out of the root mlflow directory (e.g: by exploiting /api/2.0/mlflow-artifacts/artifacts endpoint ) and access sensitive files/data.

References

github.com/advisories/GHSA-f798-qm4r-23r5

github.com/mlflow/mlflow/commit/cf83dad4df26dd4a850622fe8a51ccab1471a5e7

github.com/mlflow/mlflow/pull/10330

huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3

huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

36.9%

JSON

Related for VERACODE:44314