[BUG] Security Vulnerability

[DanMcInerney]

Sent email to mlflow-oss-maintainers@databricks.com

[BenWilson2]

Thank you for the investigation and report @DanMcInerney . We'll be patching this!

[mlflow-automation]

@BenWilson2 @dbczumar @harupy @WeichenXu123 Please assign a maintainer and start triaging this issue.

[badarahmed]

Thanks @DanMcInerney for finding these vulnerabilities along with contributors at @protectai for testing/verification. Appreciate the MLflow maintainers for a very prompt response.

[badarahmed]

CVEs have been published:

• https://nvd.nist.gov/vuln/detail/CVE-2023-1177 (critical severity; score 10)
• https://nvd.nist.gov/vuln/detail/CVE-2023-1176 (medium severity; score 5.3)

Dan has published blog post detailing the issue at:
https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow

MLflow v2.2.2 has patched these vulnerabilities.

[yaxxie]

Will the fixes get back ported to the 1.3 series?

[ddl-ebrown]

Could someone please update the release notes to include mention of the CVEs? I don't know if / where announcements are sent out for this project, but a 10 is typically justification for broad disclosure and an urge to upgrade immediately.

[badarahmed]

MLflow has issued GitHub Security Advisories:

• GHSA-xg73-94fp-g449 (critical severity)
• GHSA-wp72-7hj9-5265 (moderate severity)

Disclaimer: I'm not an MLflow maintainer.

[dbczumar]

Hi folks, the 2.2.1 release notes have been updated to reference the GitHub Security Advisories, which refer to the CVEs and provide additional context. The mlflow-users group and Slack channel were contacted as soon as the security advisories were disclosed.

MLflow 1.30.1 was released yesterday, which patches these security vulnerabilities for the 1.30 series: https://pypi.org/project/mlflow/1.30.1/.

Thank you for using MLflow!