MLflow is a popular platform for machine learning development. It allows users to track experiments, package code into reproducible runs, and share and deploy models. However, a recent security vulnerability has been discovered in MLflow that could allow attackers to gain unauthorized access to sensitive data.
The vulnerability, tracked as CVE-2023-3765, is a path traversal vulnerability with the maximum CVSS (Common Vulnerability Scoring System) score of 10, indicating its severity and potential for harm. Path traversal vulnerabilities occur when software fails to properly validate user input, allowing attackers to inject malicious code into a system.
This high-impact vulnerability in MLflow, discovered by security researcher Maksym Vatsyk, results from a flawed path validation middleware. The vulnerability is known as an Absolute Path Traversal Vulnerability, allowing an attacker to manipulate the validation process to bypass existing security controls on Windows hosts.
In essence, CVE-2023-3765 grants an attacker full control over the host’s filesystem. The threat actor can use this control to carry out a variety of actions such as listing, reading, writing, and deleting files by exploiting absolute Windows file paths.
The consequences of such a vulnerability are severe, as it threatens the confidentiality, integrity, and availability of user data on the affected MLflow instance. With full control over the filesystem, an attacker could read sensitive data, manipulate or delete critical files, and disrupt the machine learning processes, bringing operations to a halt.
The issue resides in the validate_path_is_safe() function in the file /mlflow/server/handlers.py, which was introduced in PR #7891 on February 24th, 2023. The vulnerability stems from the fact that this function does not account for the Windows absolute path format, making MLflow servers on Windows hosts vulnerable to high-impact directory traversals.
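The class of flaw described above, shown as an added example (this is not MLflow's code and not the researcher's proof of concept): a simplified validator that applies only POSIX path rules, next to a hardened check that also applies Windows rules. The function names and the sample paths are constructed for illustration.

```python
import ntpath
import posixpath

def posix_only_check(path: str) -> bool:
    """Hypothetical validator that knows only POSIX path rules.
    Returns True when the path is accepted as safe."""
    return not posixpath.isabs(path) and ".." not in path.split("/")

def cross_platform_check(path: str) -> bool:
    """Hardened form: apply POSIX and Windows rules on every host OS."""
    if not path or "\x00" in path:
        return False
    # Treat both separators alike so backslash-separated ".." segments
    # and backslash-rooted paths are caught.
    normalized = path.replace("\\", "/")
    if ".." in normalized.split("/"):
        return False
    # A drive prefix (C:) or a UNC share (\\host\share) makes the path
    # independent of whatever root directory it is later joined to.
    drive, _ = ntpath.splitdrive(path)
    if drive:
        return False
    return not posixpath.isabs(normalized)

# Constructed sample inputs, not taken from any real request.
SAMPLES = [
    "models/run1/model.pkl",
    "/etc/hosts",
    "../outside.txt",
    "C:\\data\\secrets.txt",
    "C:/data/secrets.txt",
    "\\\\host\\share\\file.txt",
    "..\\..\\outside.txt",
]

def audit(paths):
    """Return (path, posix_only_verdict, cross_platform_verdict) rows."""
    return [(p, posix_only_check(p), cross_platform_check(p)) for p in paths]

def missed_by_posix_only(paths):
    """Paths the POSIX-only check accepts but the hardened check rejects."""
    return [p for p, weak, strong in audit(paths) if weak and not strong]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print("%-28r posix_only=%-5s cross_platform=%s" % row)
```

A string-level check like this is a first gate; resolving the joined path and confirming it stays under the intended root directory is a useful second one.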
As of this article's publication, Maksym Vatsyk, the security researcher who discovered this flaw, has released a proof-of-concept and technical details for CVE-2023-3765. This documentation further unravels the intricacies of the vulnerability, illustrating how it can be exploited and the potential repercussions.
The vulnerability affects MLflow versions 2.2.0 to 2.3.1. MLflow has released a patch for the vulnerability, and users are advised to update to the latest version as soon as possible.