CVE-2023-6018

CRITICAL10.0EPSS 91.3%

Remote Code Execution due to Full Controled File Write in mlflow

Published: 11/16/2023Modified: 8/8/2024

Description

The mlflow web server includes tools for tracking experiments, packaging code into reproducible runs, and sharing and deploying models. As this vulnerability allows to write / overwrite any file on the file system, it gives a lot of ways to archive code execution (like overwriting `/home/<user>/.bashrc`). A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.

Affected packages (2)

Bitnami/mlflow
PyPI/mlflowfrom 0, < 2.9.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL10.0	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-6018
PATCHhttps://github.com/mlflow/mlflow
WEBhttps://github.com/mlflow/mlflow/commit/55c72d02380e8db8118595a4fdae7879cb7ac5bd
WEBhttps://huntr.com/bounties/7cf918b5-43f4-48c0-a371-4d963ce69b30