Exploit
CVE-2023-1177

Path Traversal: '\..\filename' (CWE-29)

Published: Mar 24, 2023 / Updated: 20mo ago

CVSS 9.8 / EPSS 1.5% / Critical

Summary

A path traversal vulnerability exists in the GitHub repository mlflow/mlflow prior to version 2.2.1. This vulnerability is specifically related to the '\..\filename' path traversal technique.

Impact

This vulnerability has a CVSS v3.1 base score of 9.8, which is considered Critical. The attack vector is Network-based, requires low attack complexity, and needs no user interaction or privileges. It can lead to high impacts on confidentiality, integrity, and availability of the affected system. Attackers could potentially access or modify files outside of the intended directory structure, leading to unauthorized data access, data manipulation, or system compromise.

Exploitation

Multiple proof-of-concept exploits are available on huntr.dev and github.com. There is no evidence of exploitation in the wild at the moment.

Patch

A patch is available. The vulnerability has been fixed in MLflow version 2.2.1 and later. Multiple patch sources are available, including the official GitHub advisory and the MLflow GitHub repository.

Mitigation

1. Upgrade MLflow to version 2.2.1 or later immediately.
2. If immediate upgrading is not possible, implement strict input validation and sanitization for file paths.
3. Apply the principle of least privilege to limit potential damage from exploitation.
4. Monitor system logs for any suspicious file access attempts.
5. Implement network segmentation to limit the exposure of vulnerable systems.
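One way to implement the file-path validation in step 2 of the mitigation list, as an added example that is not MLflow's own code: a hypothetical server-side check that a model-version `source` resolves inside the server's artifact root, rejecting the `\..\` form (CWE-29), percent-encoded traversal, embedded NUL bytes, and non-local URI schemes. The artifact root `/srv/mlflow/artifacts` and the function names are assumptions.

```python
import os
from urllib.parse import unquote, urlparse

# Added example, not MLflow's own code. is_safe_local_source() is a hypothetical
# server-side check for the "source" field of a model-version create request:
# the source must be a local path that resolves inside the artifact root.
def is_safe_local_source(source: str, artifact_root: str) -> bool:
    # Percent-decode first so encodings such as %00 or %2e%2e cannot hide
    # from the checks below.
    decoded = unquote(source)
    if "\x00" in decoded:
        return False  # an embedded NUL truncates the path in C-level file APIs
    parsed = urlparse(decoded)
    if parsed.scheme == "file":
        if parsed.netloc not in ("", "localhost"):
            return False  # file://host/... would reference a remote or UNC share
        path = parsed.path
    elif parsed.scheme == "":
        path = decoded
    else:
        return False  # s3://, http:// and other remote schemes are not local paths
    # Treat backslashes as separators so '\..\filename' (CWE-29) is
    # recognised as traversal instead of a literal file name.
    path = path.replace("\\", "/")
    root = os.path.realpath(artifact_root)
    # os.path.join discards root when path is absolute, so absolute paths
    # outside the root fail the containment test below as well; realpath
    # also collapses ".." segments and resolves symlinks before the test.
    candidate = os.path.realpath(os.path.join(root, path))
    return candidate == root or candidate.startswith(root + os.sep)


def check_model_version_payload(payload: dict, artifact_root: str) -> str:
    """Hypothetical hook for the create-model-version handler: return the
    validated source or raise ValueError so the request is rejected."""
    source = payload.get("source", "")
    if not isinstance(source, str) or not is_safe_local_source(source, artifact_root):
        raise ValueError("refusing model-version source outside the artifact root")
    return source


if __name__ == "__main__":
    # Constructed sample inputs: the first is legitimate, the rest are traversal attempts.
    root = "/srv/mlflow/artifacts"
    for src in ("models/m1", "..\\..\\etc\\passwd", "file:///etc/passwd", "%2e%2e/%2e%2e/etc/shadow"):
        print(repr(src), "->", "allowed" if is_safe_local_source(src, root) else "rejected")
```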

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-1177.

Mar 23, 2023 at 3:45 PM / unknown
Threat Intelligence Report

The vulnerability CVE-2023-1177 in MLflow poses a critical risk as it allows for a combined Local File Inclusion/Remote File Inclusion attack, potentially leading to a complete system or cloud provider takeover. Organizations are urged to update to at least version 2.2.2 immediately to mitigate this risk. Proof-of-concept exploits are available, and downstream impacts to third-party vendors using MLflow may be significant if left unaddressed.

Mar 25, 2023 at 5:08 AM
EPSS

EPSS Score was set to: 1.5% (Percentile: 85.3%)

Sep 18, 2023 at 8:49 PM

Affected Systems

Lfprojects/mlflow

Exploits

https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28

Patches

Github Advisory

Vendor Advisory

[GHSA-xg73-94fp-g449] mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file access exploit if they are not limiting who can query their server (for example, by using a cloud VPC, an IP allowlist for inbound requests, or authentication / authorization middleware). If you are using the MLflow open source mlflow server or mlflow ui commands, we strongly recommend limiting who can access your MLflow Model Registry and MLflow Tracking servers using a cloud VPC, an IP allowlist for inbound requests, authentication / authorization middleware, or another access restriction mechanism of your choosing.

References

Hacking AI: System and Cloud Takeover via MLflow Exploit
The exploitation of this vulnerability allows a remote unauthenticated attacker to read any file on the server that the user who started the MLflow server can access. Organizations running an MLflow server are urged to update to the latest release immediately. In this blog, we explore the impact of this vulnerability, how to detect it, and our process for discovering these critical impacts.

News

Exploit for Path Traversal in Lfprojects Mlflow
CVE-2023-1177 MLFlow Path Traversal Tested on MLflow 2.2.0 src: https://github.com/iumiro/CVE-2023-1177-MLFlow .. code-block:: bash #!/bin/bash RAND="EXPLOIT-$((1+$RANDOM%9999))" URL="http://172.17.0.2:6001" FILE='/root/.ssh/id_rsa' curl -vX POST "$URL/ajax-api/2.0/mlflow/registered-models/create" -d "{\"name\":\"$RAND\"}" -H "Content-Type: application/json" curl -vX POST "$URL/ajax-api/2.0/mlflow/model-versions/create" -d "{\"name\":\"$RAND\",\"source\":\"file://%00${FILE%/}/\"}" -H "Content-Type:
CVE-2023-1177 (2023-03-25) saimahmed/MLflow-Vuln
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. [GitHub]MLflow LFI/RFI Vulnerability -CVE-2023-1177 - Reproduced
CVSS v3.1 Statistics for huntr.dev as of 10/11/2023 - NVD CNA Status
Attacker as "user" is mentioned, but not identified as high privileges Privileges Required (PR) Low
Uncovering Over 12 Exploitable Vulnerabilities in AI/ML Tools
Among these, the most severe are arbitrary file write and path traversal bugs (CVE-2023-6018 and CVE-2023-6015, CVSS score of 10), enabling an unauthenticated attacker to overwrite files on the operating system and achieve RCE. Termed CVE-2023-6016, this remote code execution (RCE) vulnerability holds a CVSS score of 10, signifying its critical nature.
GitHub - tiyeume25112004/CVE-2023-1177-rebuild: Learn more things, not suck all things

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
