Critical

mlflow

Remote Code Execution via Controlled File Write

A vulnerability in MLflow versions 2.6.0 to 2.9.1 allows remote code execution through a controlled file write mechanism. The issue arises from the handling of model source URLs, enabling an attacker to create or overwrite arbitrary files on the system. This vulnerability was patched in version 2.9.2.

Available publicly on Nov 16 2023

10

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Credit:

kevin-mizu
Remediation Steps
  • Update MLflow to version 2.9.2 or later.
  • Ensure that authentication is enabled for MLflow to prevent unauthorized access.
  • Regularly review and monitor model creation requests to detect any suspicious activity.
  • Consider implementing network-level controls to restrict access to the MLflow server from untrusted sources.
Patch Details
  • Fixed Version: 2.9.2
  • Patch Commit: https://github.com/mlflow/mlflow/commit/55c72d02380e8db8118595a4fdae7879cb7ac5bd
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.