Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-3573

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.

Published

2024-04-16T00:15:12.570

Last Modified

2025-02-03T15:50:28.267

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.3 (CRITICAL)

Weaknesses

Type: Secondary
CWE-29
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	lfprojects	mlflow	< 2.10.0	Yes

References

https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc Patch ([email protected])
https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc Patch (af854a3a-2127-422b-91ae-364da2661108)
https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)