Lucene search

Veracode Vulnerability DatabaseVERACODE:44760

HistoryDec 20, 2023 - 8:39 a.m.

Server Side Template Injection (SSTI)

2023-12-2008:39:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

mlflow

ssti

vulnerability

jinja2

loader

yaml

files

render

merge

configuration

arbitrary commands

system

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

mlflow is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to not using the sandboxed jinja2 loader while merging and rendering profile/recipe configuration (yaml files) in the render_and_merge_yamlfunction within mlflow/utils/file_utils.py. If a user loads a malicious recipe configuration file, an attacker can execute arbitrary commands on the system.

References

github.com/mlflow/mlflow/blob/b77667898c9f1a137a5987cc0936555f2139ade5/mlflow/utils/file_utils.py#L341

github.com/mlflow/mlflow/commit/5139b1087d686fa52e2b087e09da66aff86297b1

github.com/mlflow/mlflow/commit/8029113817175cc9b9bed5c1bebe2f9afea2835b

github.com/mlflow/mlflow/pull/10676

huntr.com/bounties/9e4cc07b-6fff-421b-89bd-9445ef61d34d/

huntr.com/bounties/c6f59480-ce47-4f78-a3dc-4bd8ca15029c

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

48.9%

JSON

Related for VERACODE:44760