Lucene search

Veracode Vulnerability DatabaseVERACODE:44766

HistoryDec 21, 2023 - 6:44 a.m.

Server Side Request Forgery (SSRF)

2023-12-2106:44:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

mlflow

ssrf

vulnerability

get-artifact

malicious user

remote code execution

http servers

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.003

Percentile

66.3%

JSON

mlflow is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is caused by following redirects while fetching HTTP artifact contents within the model-versions/get-artifact endpoint. A malicious user can exploit this to access internal HTTP(s) servers and in the worst case achieve remote code execution in the system.

References

github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555

github.com/mlflow/mlflow/pull/10673

huntr.com/bounties/438b0524-da0e-4d08-976a-6f270c688393

huntr.com/bounties/438b0524-da0e-4d08-976a-6f270c688393/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.003

Percentile

66.3%

JSON

Related for VERACODE:44766