ghsa-5mvj-wmgj-7q8c
Vulnerability from github
Published: 2024-04-16 00:30
Modified: 2024-04-16 18:18
Summary
mlflow vulnerable to Path Traversal
Details
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.
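The validate-then-decode ordering described above, shown beside a hardened ordering. This is an added example, not mlflow's code: the function names, the artifact root and the sample input are constructed for illustration, and POSIX paths are assumed.

```python
import os
from urllib.parse import unquote

ROOT = "/srv/artifacts"        # constructed artifact root (assumption)
SAMPLE = "%252e%252e/other"    # constructed double-encoded input


def validate_then_decode(user_path: str) -> str:
    """Flawed order: the check sees a once-decoded value, then a later
    unquote runs, so the path that is used was never validated."""
    once = unquote(user_path)
    if ".." in once.split("/"):
        raise ValueError("traversal rejected")
    return os.path.normpath(os.path.join(ROOT, unquote(once)))  # extra unquote


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Decode until the value stops changing; refuse inputs that never settle."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")


def decode_then_contain(user_path: str) -> str:
    """Hardened order: decode fully, resolve, then check the final path."""
    candidate = os.path.normpath(os.path.join(ROOT, fully_decode(user_path)))
    if escapes_root(candidate):
        raise ValueError("path escapes artifact root")
    return candidate


def escapes_root(path: str) -> bool:
    """True when the resolved path is not ROOT or a descendant of it."""
    return os.path.commonpath([ROOT, path]) != ROOT


if __name__ == "__main__":
    print("flawed  :", validate_then_decode(SAMPLE))
    try:
        decode_then_contain(SAMPLE)
    except ValueError as exc:
        print("hardened:", exc)
```

The containment check on the final resolved path is the control that matters; decoding to a fixed point only guarantees that no later layer can change what was checked.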
```json
{
  "affected": [
    {
      "package": { "ecosystem": "PyPI", "name": "mlflow" },
      "ranges": [
        {
          "events": [ { "introduced": "0" }, { "last_affected": "2.9.2" } ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [ "CVE-2024-1560" ],
  "database_specific": {
    "cwe_ids": [ "CWE-22" ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-16T18:18:02Z",
    "nvd_published_at": "2024-04-16T00:15:08Z",
    "severity": "HIGH"
  },
  "details": "A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server\u0027s filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.",
  "id": "GHSA-5mvj-wmgj-7q8c",
  "modified": "2024-04-16T18:18:02Z",
  "published": "2024-04-16T00:30:33Z",
  "references": [
    { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1560" },
    { "type": "PACKAGE", "url": "https://github.com/mlflow/mlflow" },
    { "type": "WEB", "url": "https://huntr.com/bounties/4a34259c-3c8f-4872-b178-f27fbc876b98" }
  ],
  "schema_version": "1.4.0",
  "severity": [
    { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "type": "CVSS_V3" }
  ],
  "summary": "mlflow vulnerable to Path Traversal"
}
```