Medium

mlflow

Improper Access Control in Artifact Deletion

A broken access control vulnerability in mlflow/mlflow version 2.11.0 allows low privilege users with only EDIT permissions to delete artifacts. This issue was patched in version 2.10.1.

Available publicly on Apr 26 2024

5.4

CVSS:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Credit:

rook1337
Threat Overview

The vulnerability arises due to insufficient validation of DELETE requests by users with EDIT permissions. In a typical setup, EDIT permissions should allow a user to read and update artifacts but not delete them. However, due to this vulnerability, a low privilege user can send a DELETE request to remove artifacts, bypassing the intended access controls and potentially leading to unauthorized data loss or system manipulation.

Attack Scenario

An attacker, after gaining access to the system as a low privilege user, assigns themselves EDIT permissions on an experiment via a POST request. Subsequently, the attacker sends a DELETE request targeting an artifact directory associated with the experiment. Despite only having EDIT permissions, the request is processed, and the directory is deleted, demonstrating the vulnerability.

Who is affected

Any deployment of mlflow version 2.11.0 where low privilege users are granted EDIT permissions on experiments. The vulnerability specifically affects these users' ability to delete artifacts, which should not be permissible under their assigned permissions.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.