High

mlflow

Path Traversal via URL Parameter Smuggling

A path traversal vulnerability was identified in MLflow version 2.9.2, exploiting the handling of URL parameters to smuggle path traversal sequences. This vulnerability allows attackers to manipulate the 'params' part of a URL, potentially leading to unauthorized access or disclosure of sensitive information. The issue was not explicitly stated as patched in the provided report.

Available publicly on Apr 16 2024

7.5

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit:

haxatron
Threat Overview

The vulnerability arises from the application's handling of semicolon (';') characters in URLs. In Python's urllib.parse.urlparse function, a semicolon is used to separate the 'params' part of the URL. Attackers can exploit this behavior by smuggling path traversal sequences (e.g., '../') into the 'params' section, potentially allowing them to access or manipulate resources outside of the intended directories. This issue is particularly concerning because it bypasses traditional path traversal protections that only consider the path portion of the URL.

Attack Scenario

An attacker crafts a series of malicious HTTP POST requests targeting the MLflow server. The attacker uses the semicolon character to inject path traversal sequences into the 'params' part of the URL. By carefully crafting the payload, the attacker can manipulate the server into accessing or modifying files outside of the intended directories. This could lead to unauthorized access to sensitive files or directories on the server.

Who is affected

Users of MLflow version 2.9.2 are potentially affected by this vulnerability. Specifically, instances where the application processes URLs containing semicolon characters could be at risk. This includes environments where MLflow is used for managing machine learning experiments and models, particularly those exposed to untrusted inputs.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.