CVE-2023-6975 Scanner

MLflow is a popular open-source platform aimed at managing the complete machine learning lifecycle. It is widely used by data scientists and ML engineers for tracking experiments, packaging code into reproducible runs, and for deploying models. MLflow supports various machine learning libraries and tools, offering a centralized repository to handle different machine learning projects. Its flexible architecture and extensive community support make it a go-to choice for both small and large-scale machine learning operations. Organizations rely on MLflow not only for its core functionalities but also for its customization capabilities, which allow integration into existing ML workflows.

The Path Traversal vulnerability in MLflow allows attackers to manipulate file paths, granting them the ability to write files to arbitrary locations. Such vulnerabilities occur when the application does not properly sanitize user input, allowing it to alter file paths intentionally. This specific issue with FTP URLs enhances the attack vector, as malicious actors can exploit FTP protocol weaknesses. Path Traversal vulnerabilities are particularly concerning as they could lead to unauthorized access or tampering with critical files on the server. They pose a significant risk to data integrity and security, making detection and remediation urgent for affected systems.

In MLflow, the vulnerability can be exploited by crafting FTP URLs that manipulate file paths, overriding default behaviors. The vulnerable endpoint is associated with the handling of model creation and the fetch artifact process, susceptible to manipulated user input. Parameters such as 'name' and 'source' in requests allow attackers to set files outside intended directories. By using interactive protocols and creating controlled URLs, attackers could potentially control the flow of data on the server. Given that the vulnerability affects handling of external URLs, it highlights a critical lapse in input validation in the affected MLflow version.

If exploited, this Path Traversal vulnerability can cause unauthorized file writes, potentially allowing attackers to insert malicious files into critical server directories. The consequences can range from data manipulation and unauthorized access to full system compromise depending on what files are overwritten. Furthermore, attackers could use this weakness to stage further attacks or disruptions, leveraging unauthorized file structure changes. This can severely affect both the operational integrity of services using MLflow and compromise sensitive data handled by the platform.

REFERENCES

• https://huntr.com/bounties/029a3824-cee3-4cf1-b260-7138aa539b85/