CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
48.9%
mlflow is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to not using the sandboxed jinja2 loader while merging and rendering profile/recipe configuration (yaml files) in the render_and_merge_yaml
function within mlflow/utils/file_utils.py
. If a user loads a malicious recipe configuration file, an attacker can execute arbitrary commands on the system.
github.com/mlflow/mlflow/blob/b77667898c9f1a137a5987cc0936555f2139ade5/mlflow/utils/file_utils.py#L341
github.com/mlflow/mlflow/commit/5139b1087d686fa52e2b087e09da66aff86297b1
github.com/mlflow/mlflow/commit/8029113817175cc9b9bed5c1bebe2f9afea2835b
github.com/mlflow/mlflow/pull/10676
huntr.com/bounties/9e4cc07b-6fff-421b-89bd-9445ef61d34d/
huntr.com/bounties/c6f59480-ce47-4f78-a3dc-4bd8ca15029c
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
48.9%