-
Notifications
You must be signed in to change notification settings - Fork 177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AI PRP: Arbitrary File Read in mlflow CVE-2023-6977 #450
Comments
Hi @frkngksl, We already have a plugin that detects CVE-2023-1177 which seems to be the previous version of that vulnerability. Could you:
Let me know if you are interested. This would qualify for a slightly lower bounty though. Cheers, |
Okay then, I will start with this one. Will you send me a submission link to track the progress? |
Please submit our participation form and you can start working on the development. Thanks! |
Hi @tooryx , Do you want me to also add CVE-2023-2780 ? As far as I understand from the first glance, it is another bypass for CVE-2023-1177. It can be thought as the same category with the CVE-2023-6977. Maybe it might help to increase the bounty amount too? Ref: https://huntr.com/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689 |
Hi @tooryx, I have one more question. In terms of modifying the plugin, do you expect that this plugin will create three (if you accept the above one) different detection reports that state CVEs seperately? Or should I just add these three different types of LFI methods and return the current report (CVE-2023-1177, current version of the code) for all of them (not mentioning their CVEs specifically)? I'm a bit confused because all mentioned CVEs have three HTTP requests, and only the first ones are the same. Also, it should be noted that one version of Mlflow can be vulnerable to three assigned vulnerabilities at the same time. Tested and observed with version 2.1.0. Therefore, I'm not sure how to edit the following code block for multiple CVEs according to your standarts
|
Hi @frkngksl, My understanding is that: the original advisory (CVE-2023-1177) had two bypasses CVE-2023-2780 and CVE-2023-6977. CVE-2023-6977 is the latest one and contains the two others. Do you see any added value in checking CVE-2023-2780 separately? It does not seem necessary to me, unless each bypass is possible only after the previous patch, then we might need different plugins. As for detection report, just detecting the latest bypass and reporting it should be sufficient (still if the latest one contains the two other). |
Hi @tooryx, I understand your point better now, thank you so much. Although used techniques are different in these bypasses (CVE-2023-2780 uses a flaw in the patch, and CVE-2023-6977 uses a symlink to bypass these two patches), when somebody uses CVE-2023-6977, they can read system files until the version 2.9.2 (others are fixed earlier) because it was possible even before the patches and it is related to the same endpoints. So, I will edit the plugin so that it will detect and try CVE-2023-6977 case and mentions about this detail in the README file. Cheers! |
Hi @tooryx , Just one more question, I'm planning to change class names too because it will check for CVE-2023-6977 now. Are you okay with that right? Sorry for disturbing you a lot about this issue. |
No problem with that ~tooryx |
Hi,
I want to develop a plugin for mlflow LFI - CVE-2023-6977.
Vulnerability Information: This vulnerability enables malicious users to read sensitive files on the server.
Vulnerable Versions are below the 2.9.2
References:
The vulnerability requires three HTTP requests one is GET and the other two are POST. After creating a model, by using a symlink, one can read files on the filesystem.
Actually, after sending an AI PRP for a CVE that already exists on the Tsunami, I searched this CVE code on the repository checked the issues, and found nothing. I hope it is not found in the Tsunami and this is not a duplicated issue.
The text was updated successfully, but these errors were encountered: