2.9.2
2.9.2
CVE-2023-6974 describes a Server-Side Request Forgery (SSRF) vulnerability present in MLflow versions up to 2.9.1. This flaw allows a malicious user to initiate requests to internal HTTP(s) servers, potentially exposing sensitive data or enabling unauthorized access. Successful exploitation, particularly within AWS environments, could lead to remote code execution. The vulnerability was published on December 20, 2023, and a fix is available in version 2.9.2.
The SSRF vulnerability in MLflow allows an attacker to craft requests that originate from the MLflow server itself, bypassing typical network security controls. This means an attacker could potentially access internal services that are not directly exposed to the internet. In environments utilizing AWS, this vulnerability is particularly concerning. An attacker could leverage the SSRF to interact with AWS metadata services, potentially gaining access to sensitive information like IAM credentials or EC2 instance details. This could then be used to escalate privileges and achieve remote code execution on the affected machine, effectively compromising the entire system. The potential blast radius extends to any internal resources accessible via HTTP(s) from the MLflow server.
CVE-2023-6974 is not currently listed on the CISA KEV catalog. The EPSS score is likely to be medium to high, given the CRITICAL CVSS score and the potential for remote code execution. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of exploitation. The vulnerability was publicly disclosed on December 20, 2023.
Exploit Status
EPSS
2.59% (86% percentile)
CVSS Vector
The primary mitigation for CVE-2023-6974 is to upgrade MLflow to version 2.9.2 or later, which contains the fix. If an immediate upgrade is not feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. Restricting network access from the MLflow server to only necessary internal resources can limit the potential impact of the SSRF. Implementing a Web Application Firewall (WAF) with strict outbound filtering rules can also help block malicious requests. Carefully review and restrict the allowed protocols and domains that MLflow can access. After upgrading, confirm the fix by attempting to access an internal HTTP(s) resource through the MLflow UI; the request should be blocked or denied.
Update MLflow to version 2.9.2 or higher. This fixes the SSRF vulnerability. You can update using `pip install mlflow==2.9.2` or a later version.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2023-6974 is a critical SSRF vulnerability affecting MLflow versions up to 2.9.1. It allows attackers to initiate requests from the MLflow server, potentially accessing internal resources and leading to remote code execution.
You are affected if you are using MLflow version 2.9.1 or earlier. Check your MLflow version and upgrade to 2.9.2 or later to mitigate the risk.
The recommended fix is to upgrade MLflow to version 2.9.2 or later. If an immediate upgrade is not possible, implement temporary workarounds such as restricting network access and using a WAF.
While there are no confirmed reports of active exploitation at this time, the CRITICAL severity and potential for remote code execution suggest a high likelihood of exploitation if the vulnerability remains unpatched.
Refer to the MLflow security advisory for detailed information and updates: [https://mlflow.org/docs/security](https://mlflow.org/docs/security)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.