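Vulnerability title
Path traversal bypass in mlflow/mlflow
Vulnerability description
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0 that bypasses the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where the '#' character can be used to insert a path into the fragment and so skip validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, which leads to arbitrary file read through path traversal.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability category
Improper limitation of a pathname (path traversal)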
Vulnerability title
Path Traversal Bypass in mlflow/mlflow
Vulnerability description
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.
CVSS information
N/A
Vulnerability category
Path traversal: '..filename'
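Vulnerability title
Mlflow security vulnerability
Vulnerability description
Mlflow is an open-source platform for the machine learning lifecycle. Mlflow version 2.11.0 contains a security vulnerability that stems from insufficient validation of the fragment portion of a URL, which allows arbitrary files to be read through path traversal.
CVSS information
N/A
Vulnerability category
Other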
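The validate-then-convert mismatch described in the entries above, as an added Python example; it is not MLflow's code. The artifact root, the sample URIs and all three function names are assumptions constructed for illustration. A check that inspects only the parsed path passes a URI whose traversal sits in the fragment, while the hardened resolver rejects fragments outright and returns only the path it actually validated.

```python
import posixpath
from urllib.parse import unquote, urlsplit

ARTIFACT_ROOT = "/srv/artifacts"  # hypothetical artifact root (assumption)

# Constructed sample inputs, not taken from the advisory.
GOOD = "file:///srv/artifacts/run1/model.pkl"
FRAGMENT = "file:///srv/artifacts/run1#/../../../outside.txt"


def path_only_check(uri):
    """Weak validation: looks for '..' in the parsed path component only."""
    return ".." not in unquote(urlsplit(uri).path).split("/")


def naive_to_local_path(uri):
    """Hypothetical consumer: drops 'scheme:' and treats the rest as a path."""
    rest = uri.split(":", 1)[1] if ":" in uri else uri
    return posixpath.normpath("/" + unquote(rest).lstrip("/"))


def resolve_artifact_path(uri, root=ARTIFACT_ROOT):
    """Hardened: validate the whole URI, then return the path that was checked."""
    parts = urlsplit(uri)
    if parts.scheme not in ("", "file") or parts.netloc:
        raise ValueError("unsupported scheme or host")
    # Reject on the raw string so an empty fragment ('...#') is caught too.
    if "#" in uri or "?" in uri:
        raise ValueError("fragment or query not allowed in artifact URI")
    path = unquote(parts.path)
    # Conservative: refuse delimiters or further encoding revealed by decoding.
    if "#" in path or "?" in path or "%" in path:
        raise ValueError("encoded delimiter in path")
    resolved = posixpath.normpath(path)
    if resolved != root and not resolved.startswith(root + "/"):
        raise ValueError("path escapes artifact root")
    return resolved


if __name__ == "__main__":
    print(path_only_check(FRAGMENT), naive_to_local_path(FRAGMENT))
    print(resolve_artifact_path(GOOD))
```

The caller should open the string returned by `resolve_artifact_path`, never the original URI, so that validation and filesystem access operate on the same value.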