GHSA-5mvj-wmgj-7q8c

Suggest an improvement
Source
https://github.com/advisories/GHSA-5mvj-wmgj-7q8c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-5mvj-wmgj-7q8c/GHSA-5mvj-wmgj-7q8c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5mvj-wmgj-7q8c
Aliases
  • CVE-2024-1560
Published
2024-04-16T00:30:33Z
Modified
2024-04-16T18:42:02.963663Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
mlflow vulnerable to Path Traversal
Details

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts handler and local_file_uri_to_path function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the delete_artifacts function of local_artifact_repo.py, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831.

References

Affected packages

PyPI / mlflow

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.9.2

Affected versions

0.*

0.0.1
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.9.0.1
0.9.1

1.*

1.0.0
1.1.0
1.1.1.dev0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0
1.9.1
1.10.0
1.11.0
1.12.0
1.12.1
1.13
1.13.1
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
1.20.0
1.20.1
1.20.2
1.21.0
1.22.0
1.23.0
1.23.1
1.24.0
1.25.0
1.25.1
1.26.0
1.26.1
1.27.0
1.28.0
1.29.0
1.30.0
1.30.1

2.*

2.0.0rc0
2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0
2.6.0
2.7.0
2.7.1
2.8.0
2.8.1
2.9.0
2.9.1
2.9.2