Lucene search

GoogleOSV:GHSA-6749-M5CP-6CG7

HistoryFeb 24, 2024 - 12:30 a.m.

Cross-site Scripting in MLFlow

2024-02-2400:30:20

Google

osv.dev

mlflow

cross-site scripting

insufficient sanitization

xss

client-side rce

jupyter notebook

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook.

The vulnerability stems from lack of sanitization over template variables.

References

github.com/mlflow/mlflow

github.com/mlflow/mlflow/pull/10873

nvd.nist.gov/vuln/detail/CVE-2024-27132

research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for OSV:GHSA-6749-M5CP-6CG7