PyPI: mlflow
CVE-2024-1560
Safety vulnerability ID: SFTY-20240416-89743
Safety legacy ID: pyup.io-71588
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to sanitize user-supplied paths properly. The issue is present on affected versions, despite attempts to fix a similar issue in CVE-2023-6831.
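The decode-validate-decode pattern the advisory describes, as an added example that is not mlflow's code: a simplified artifact-path check with the extra unquote beside the single-decode fix, plus a regression check that flags any validated path resolving outside the assumed root `/srv/artifacts`.

```python
from typing import Optional
from urllib.parse import quote, unquote
import posixpath

# Constructed example, not mlflow's code: a minimal artifact-store path check
# that shows why unquoting a path a second time, after it has been validated,
# lets a doubly percent-encoded traversal sequence reach the filesystem.
ARTIFACT_ROOT = "/srv/artifacts"  # assumed root of the local artifact store

# Constructed regression input: "../../etc" percent-encoded twice, so one
# decode still leaves a harmless-looking single path segment.
DOUBLE_ENCODED_SAMPLE = quote(quote("../../etc", safe=""), safe="")


def is_under_root(rel_path: str, root: str = ARTIFACT_ROOT) -> bool:
    """True only if root/rel_path, once normalised, stays inside root."""
    full = posixpath.normpath(posixpath.join(root, rel_path))
    return full == root or full.startswith(root + "/")


def resolve_double_decode(user_path: str) -> Optional[str]:
    """Vulnerable pattern: validate the once-decoded path, then unquote it
    again before use, so the string acted on is not the string checked."""
    once = unquote(user_path)
    if not is_under_root(once):
        return None  # rejected by validation
    twice = unquote(once)  # the extra unquote the advisory describes
    return posixpath.normpath(posixpath.join(ARTIFACT_ROOT, twice))


def resolve_single_decode(user_path: str) -> Optional[str]:
    """Fixed pattern: decode exactly once and act on the validated string."""
    once = unquote(user_path)
    if not is_under_root(once):
        return None
    return posixpath.normpath(posixpath.join(ARTIFACT_ROOT, once))


def escapes_root(resolved: Optional[str], root: str = ARTIFACT_ROOT) -> bool:
    """Regression check: did a path that passed validation still resolve
    outside the artifact root?"""
    if resolved is None:
        return False
    return not (resolved == root or resolved.startswith(root + "/"))
```

Run `escapes_root` over both resolvers with the doubly encoded sample: the vulnerable one resolves it to `/etc`, the fixed one keeps it inside the root as a literal, oddly named directory.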
Overview
mlflow vulnerable to Path Traversal
References
- https://getsafety.com/vulnerabilities/SFTY-20240416-89743/CVE-2024-1560
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1560
- https://github.com/advisories/GHSA-5mvj-wmgj-7q8c
- https://github.com/mlflow/mlflow/blob/b929a3e727dc48a1eb19b7e954b7897ac09ad3ec/mlflow/store/artifact/local_artifact_repo.py#L108
- https://github.com/mlflow/mlflow/commit/d8edaf0bcdb7c876b69b6cda1bd9ceb0247cf007
- https://huntr.com/bounties/4a34259c-3c8f-4872-b178-f27fbc876b98
- https://nvd.nist.gov/vuln/detail/CVE-2024-1560
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
