CVE-2024-1483 Scanner - Path Traversal vulnerability in mlflow

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 19 hours
Scan only one: Domain, IPv4
Toolbox: -

mlflow is an open-source platform primarily used by data scientists and machine learning engineers to manage the entire machine learning lifecycle. It allows for experimentation, reproducibility, and deployment of machine learning models. As a platform, it provides tools for tracking experiments, managing models, and deploying them in different environments. mlflow is commonly used across industries to facilitate data-driven decisions by automating various aspects of machine learning pipelines. It supports multiple machine learning frameworks and integrates with tools like Apache Spark. The platform is widely adopted for its simplicity and flexibility in model management.

The vulnerability in question is a Path Traversal issue present in mlflow versions earlier than 2.9.2. This vulnerability allows attackers to manipulate file paths and access files outside of the intended directory. By submitting HTTP POST requests containing specially crafted parameters, an attacker can exploit this weakness. The vulnerability arises from inadequate input validation within the server’s handlers for certain file-related operations. Path traversal attacks can lead to severe information disclosure, including sensitive files stored on the server. The vulnerability is of high severity due to its potential to reveal critical system information.

In this case, the 'artifact_location' and 'source' parameters in HTTP POST requests are vulnerable to manipulation. Because user-supplied input in these parameters is not properly validated, attackers can use them to traverse the server’s directory structure and reach files outside the intended directories. For example, by supplying a value such as 'http:///#/../../../../../../../../../../../../../../etc/' in a crafted request, an attacker can attempt to access sensitive files like system configurations or SSH keys. The vulnerability is associated with mlflow's handling of paths provided in requests for managing experiments, runs, and model versions, which are processed by the endpoints that create and manage those objects.
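A defensive check for the two parameters named above, as an added example (not mlflow's own code and not the fix shipped in 2.9.2). The function names are hypothetical, the sample bodies are constructed, and it assumes the parameters arrive as keys of a JSON request body; it also generalises slightly by decoding percent-encoded values before checking them.

```python
import re
from urllib.parse import unquote, urlsplit

# The two request parameters the page names as vulnerable.
CHECKED_PARAMS = ("artifact_location", "source")


def traversal_findings(value: str) -> list[str]:
    """Return the reasons a location value looks like a traversal attempt."""
    # Percent-decode a few times so encoded and double-encoded dots are seen.
    decoded = value
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    parts = urlsplit(decoded)
    findings = []
    # A '#' or '?' moves text out of the path, so check every component.
    for name in ("path", "query", "fragment"):
        segments = re.split(r"[/\\=&;]", getattr(parts, name))
        if ".." in segments:
            findings.append(f"'..' segment in URI {name}")
    if parts.scheme in ("http", "https") and not parts.netloc:
        findings.append("http(s) URI with empty host")
    return findings


def audit_request(body: dict) -> dict[str, list[str]]:
    """Map each flagged parameter of a decoded JSON body to its findings."""
    flagged = {}
    for param in CHECKED_PARAMS:
        value = body.get(param)
        if isinstance(value, str) and (reasons := traversal_findings(value)):
            flagged[param] = reasons
    return flagged


# Constructed sample bodies; the second value is the string quoted above.
SAMPLES = [
    {"name": "exp-a", "artifact_location": "s3://bucket/experiments/1"},
    {"name": "exp-b", "artifact_location":
        "http:///#/../../../../../../../../../../../../../../etc/"},
    {"name": "model-a", "source": "models:/model-a/1"},
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body["name"], audit_request(body) or "ok")
```

The quoted string is flagged twice: the '..' segments sit in the URI fragment, where a check that only inspects the path would miss them, and the http URI has no host.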

Exploiting this vulnerability could lead to the disclosure of sensitive files on the affected server. These files may include configuration files, SSH keys, or other sensitive system information. Attackers can leverage this information for further attacks, such as privilege escalation or access to secure internal resources. In some cases, attackers may be able to execute arbitrary code if they gain access to critical files. The attacker does not require authentication to exploit this vulnerability, making it particularly dangerous. Organizations running vulnerable versions of mlflow may face serious security risks if this issue is exploited.
