Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. A local attacker can exploit this behavior to gain elevated permissions by using a time-of-check to time-of-use (TOCTOU) attack. The issue is only relevant when the spark_udf() MLflow API is called.
{ "vanir_signatures": [ { "digest": { "length": 198.0, "function_hash": "104756577933646270377322058099788548368" }, "target": { "function": "doGet", "file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java" }, "signature_type": "Function", "source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-27134-6d6e2f75" }, { "digest": { "length": 492.0, "function_hash": "184071514087990523482204071342574856391" }, "target": { "function": "testScoringServerWithValidPredictorRespondsToVersionCorrectly", "file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java" }, "signature_type": "Function", "source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-27134-72beafcb" }, { "digest": { "line_hashes": [ "131820453751244830235847135154555009675", "118311288725557473966511160909702796059", "23166675831352438683313922586367861826", "105627809069183315260927391174565252232" ], "threshold": 0.9 }, "target": { "file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java" }, "signature_type": "Line", "source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-27134-8492ce88" }, { "digest": { "line_hashes": [ "126175435439690257488643731654349406987", "95033179366840333112179189507578907972", "238340115033601847376410752104378127786", "243585600340095249392561452430789585945" ], "threshold": 0.9 }, "target": { "file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java" }, "signature_type": "Line", "source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-27134-8717d33b" } ] }