Sightline

Critical

mlflow

Scheme Confusion Leading to Local File Read

A vulnerability in MLflow version 2.7.1 allows attackers to read local files due to scheme confusion in URI parsing. The issue was patched in version 2.10.0. The vulnerability arises from improper handling of URIs with empty or 'file' schemes, enabling attackers to bypass checks intended to restrict access to local files.

Available publicly on Apr 16 2024 | Available with Premium on Jan 11 2024

CVE:

CVE-2024-3573

CWE:

29:Path Traversal: '\..\filename'

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Credit:

kevin-mizu

Assess Detect

Premium

Remediate

Remediation Steps

Update MLflow to version 2.10.0 or later.
Review and adjust server configurations to restrict access to sensitive files.
Audit logs for suspicious activity involving model version creation or artifact retrieval.
Consider implementing additional authentication and authorization controls to limit who can create or modify model versions.

Patch Details

Fixed Version: 2.10.0
Patch Commit: https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc

Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 566- related security advisories that are available with Sightline Premium.