AI PRP: Arbitrary File Read in mlflow CVE-2024-2928
Opened this issue · 2 comments
frkngksl commented
Hi,
I want to develop a plugin for mlflow LFI - CVE-2024-2928
Vulnerability Information: This vulnerability enables malicious users to read sensitive files on the server. It also covers CVE-2023-6909 because it is a new bypass. Neither CVE exists in Tsunami Plugins.
Vulnerable versions are below 2.11.3.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-2928
- https://huntr.com/bounties/19bf02d7-6393-4a95-b9d0-d6d4d2d8c298
- GHSA-j46q-5pxx-8vmw
The vulnerability requires five HTTP requests: one GET and four POST. After creating a model and an experiment and linking them, one can read files on the filesystem.