CVE-2024-3573

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc	Patch
https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c	Exploit Issue Tracking Third Party Advisory
https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc	Patch
https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*

History

03 Feb 2025, 15:50

Type	Values Removed	Values Added
CPE		cpe:2.3:a:lfprojects:mlflow::::::::
CWE		CWE-22
First Time		Lfprojects mlflow Lfprojects
References	~~() https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc -~~	() https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc - Patch
References	~~() https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c -~~	() https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c - Exploit, Issue Tracking, Third Party Advisory

Information

Published : 2024-04-16 00:15

Updated : 2025-02-03 15:50

NVD link : CVE-2024-3573

Mitre link : CVE-2024-3573

CVE.ORG link : CVE-2024-3573

JSON object : View

Products Affected

lfprojects

mlflow

CWE

CWE-29

Path Traversal: '\..\filename'

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-3573", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}]}, "published": "2024-04-16T00:15:12.570", "references": [{"url": "https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "security@huntr.dev"}, {"url": "https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-29"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root."}, {"lang": "es", "value": "mlflow/mlflow es vulnerable a la inclusi\u00f3n de archivos locales (LFI) debido a un an\u00e1lisis inadecuado de los URI, lo que permite a los atacantes eludir las comprobaciones y leer archivos arbitrarios en el sistema. El problema surge de la falla de la funci\u00f3n 'is_local_uri' para manejar adecuadamente los URI con esquemas vac\u00edos o de 'archivo', lo que lleva a la clasificaci\u00f3n err\u00f3nea de los URI como no locales. Los atacantes pueden aprovechar esto creando versiones de modelos maliciosos con par\u00e1metros de \"fuente\" especialmente manipulados, lo que permite la lectura de archivos confidenciales dentro de al menos dos niveles de directorio desde la ra\u00edz del servidor."}], "lastModified": "2025-02-03T15:50:28.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1DAE56B-D438-4F57-A23F-8E502F1256E4", "versionEndExcluding": "2.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}