Plateforme
python
Composant
mlflow
Corrigé dans
2.9.2
2.9.2
CVE-2023-6974 describes a Server-Side Request Forgery (SSRF) vulnerability present in MLflow versions up to 2.9.1. This flaw allows a malicious user to initiate requests to internal HTTP(s) servers, potentially exposing sensitive data or enabling unauthorized access. Successful exploitation, particularly within AWS environments, could lead to remote code execution. The vulnerability was published on December 20, 2023, and a fix is available in version 2.9.2.
The SSRF vulnerability in MLflow allows an attacker to craft requests that originate from the MLflow server itself, bypassing typical network security controls. This means an attacker could potentially access internal services that are not directly exposed to the internet. In environments utilizing AWS, this vulnerability is particularly concerning. An attacker could leverage the SSRF to interact with AWS metadata services, potentially gaining access to sensitive information like IAM credentials or EC2 instance details. This could then be used to escalate privileges and achieve remote code execution on the affected machine, effectively compromising the entire system. The potential blast radius extends to any internal resources accessible via HTTP(s) from the MLflow server.
CVE-2023-6974 is not currently listed on the CISA KEV catalog. The EPSS score is likely to be medium to high, given the CRITICAL CVSS score and the potential for remote code execution. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of exploitation. The vulnerability was publicly disclosed on December 20, 2023.
Organizations deploying MLflow within AWS environments are particularly at risk, as the SSRF vulnerability can be exploited to gain access to AWS metadata and potentially achieve remote code execution. Teams relying on MLflow for model tracking and deployment, especially those with internal HTTP(s) services accessible from the MLflow server, should prioritize patching.
• python / mlflow:
import mlflow
import requests
try:
response = mlflow.tracking.MlflowClient().tracking_service.get_endpoints()
print(response)
except requests.exceptions.RequestException as e:
print(f"Error: {e}")• linux / server:
journalctl -u mlflow -g 'SSRF' | grep -i error• generic web:
curl -I <mlflow_endpoint>/some/internal/resourcedisclosure
patch
Statut de l'Exploit
EPSS
2.59% (percentile 86%)
Vecteur CVSS
The primary mitigation for CVE-2023-6974 is to upgrade MLflow to version 2.9.2 or later, which contains the fix. If an immediate upgrade is not feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. Restricting network access from the MLflow server to only necessary internal resources can limit the potential impact of the SSRF. Implementing a Web Application Firewall (WAF) with strict outbound filtering rules can also help block malicious requests. Carefully review and restrict the allowed protocols and domains that MLflow can access. After upgrading, confirm the fix by attempting to access an internal HTTP(s) resource through the MLflow UI; the request should be blocked or denied.
Actualice MLflow a la versión 2.9.2 o superior. Esto corrige la vulnerabilidad SSRF. Puede actualizar usando `pip install mlflow==2.9.2` o una versión más reciente.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2023-6974 is a critical SSRF vulnerability affecting MLflow versions up to 2.9.1. It allows attackers to initiate requests from the MLflow server, potentially accessing internal resources and leading to remote code execution.
You are affected if you are using MLflow version 2.9.1 or earlier. Check your MLflow version and upgrade to 2.9.2 or later to mitigate the risk.
The recommended fix is to upgrade MLflow to version 2.9.2 or later. If an immediate upgrade is not possible, implement temporary workarounds such as restricting network access and using a WAF.
While there are no confirmed reports of active exploitation at this time, the CRITICAL severity and potential for remote code execution suggest a high likelihood of exploitation if the vulnerability remains unpatched.
Refer to the MLflow security advisory for detailed information and updates: [https://mlflow.org/docs/security](https://mlflow.org/docs/security)
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier requirements.txt et nous te dirons instantanément si tu es affecté.