CVE-2023-1177: mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
(updated )
Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server
or mlflow ui
commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file access exploit if they are not limiting who can query their server (for example, by using a cloud VPC, an IP allowlist for inbound requests, or authentication / authorization middleware).
This issue only affects users and integrations that run the mlflow server
and mlflow ui
commands. Integrations that do not make use of mlflow server
or mlflow ui
are unaffected; for example, the Databricks Managed MLflow product and MLflow on Azure Machine Learning do not make use of these commands and are not impacted by these vulnerabilities in any way.
The vulnerability detailed in https://nvd.nist.gov/vuln/detail/CVE-2023-1177 enables an actor to download arbitrary files unrelated to MLflow from the host server, including any files stored in remote locations to which the host server has access.
References
- github.com/advisories/GHSA-xg73-94fp-g449
- github.com/mlflow/mlflow
- github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
- github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
- github.com/mlflow/mlflow/security/advisories/GHSA-xg73-94fp-g449
- github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-29.yaml
- huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28
- nvd.nist.gov/vuln/detail/CVE-2023-1177
Detect and mitigate CVE-2023-1177 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →