Denial of Service and Data Model Poisoning via URL Encoding in MLflow
A vulnerability in MLflow version 2.11.1 allows attackers to create multiple models with the same name using URL encoding, leading to Denial of Service or Data Model Poisoning. The issue stems from insufficient validation of URL-encoded model names, which causes confusion and potential security risks when models are accessed. The specific patch version fixing this issue was not mentioned.
Available publicly on May 03 2024
Remediation Steps
- Ensure all inputs, including URL parameters, are properly validated and sanitized to prevent URL encoding bypass.
- Implement strict checks for model name uniqueness that consider potential URL encoding.
- Update to a patched version of MLflow that addresses this vulnerability, if available.
- As a temporary measure, restrict model creation privileges to trusted users only.
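
One way to implement the encoding-aware uniqueness check from the steps above, as an added example that is not MLflow's own code. `canonical_model_name`, `ModelRegistry` and the decode-round limit are hypothetical names and assumptions chosen for illustration, and the sample model names are constructed.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumed limit on nested percent-encoding layers


class ModelNameError(ValueError):
    """Raised when a model name is malformed or collides with an existing one."""


def canonical_model_name(name: str) -> str:
    """Percent-decode repeatedly until the name stops changing."""
    current = name
    for _ in range(MAX_DECODE_ROUNDS):
        try:
            decoded = unquote(current, errors="strict")
        except UnicodeDecodeError as exc:
            raise ModelNameError(f"invalid percent-encoding in {name!r}") from exc
        if decoded == current:
            return current
        current = decoded
    raise ModelNameError(f"too many encoding layers in {name!r}")


class ModelRegistry:
    """Hypothetical in-memory registry keyed on the canonical name."""

    def __init__(self) -> None:
        self._models: dict[str, str] = {}  # canonical name -> name as submitted

    def create(self, name: str) -> str:
        key = canonical_model_name(name)
        if not key.strip():
            raise ModelNameError("empty model name")
        if key in self._models:
            raise ModelNameError(
                f"{name!r} collides with existing model {self._models[key]!r}"
            )
        self._models[key] = name
        return key


def demo() -> list[str]:
    """Constructed sample input: one model plus two encoded look-alikes."""
    registry = ModelRegistry()
    results = []
    for name in ["fraud-model", "fraud%2Dmodel", "fraud%252Dmodel", "churn"]:
        try:
            results.append("created " + registry.create(name))
        except ModelNameError as exc:
            results.append("rejected " + str(exc))
    return results
```

The same canonical form has to be used on lookup as on creation, otherwise the read path and the write path can still disagree about which model a name refers to.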
Patch Details
- Fixed Version: N/A
- Patch Commit: N/A