CVE-2024-27132

2024-02-2322:15:55

CWE-79

JFROG

web.nvd.nist.gov

cve-2024-27132

mlflow

xss

rce

jupyter notebook

template variables

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.

The vulnerability stems from lack of sanitization over template variables.

CNA Affected

[
  {
    "collectionURL": "https://pypi.org/project/pip",
    "packageName": "mlflow",
    "versions": [
      {
        "lessThanOrEqual": "2.9.2",
        "status": "affected",
        "version": "0",
        "versionType": "python"
      }
    ]
  }
]