Lucene search

Veracode Vulnerability DatabaseVERACODE:45638

HistoryFeb 26, 2024 - 9:25 a.m.

Cross Site Scripting (XSS)

2024-02-2609:25:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

mlflow

xss vulnerability

stacktrace

schema

client-side rce

jupyter notebook

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

mlflow is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a lack of sanitization within the STACKTRACE and SCHEMA template variables, resulting in a client-side RCE when running an untrusted recipe in Jupyter Notebook.

References

github.com/mlflow/mlflow/commit/4ae428205821795da7364af951a7b27e21e2022f

github.com/mlflow/mlflow/pull/10873

research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for VERACODE:45638