CVE-2023-6018 — Remote Code Execution due to Full Controled File Write in mlflow

Description

The mlflow web server includes tools for tracking experiments, packaging code into reproducible runs, and sharing and deploying models. As this vulnerability allows to write / overwrite any file on the file system, it gives a lot of ways to archive code execution (like overwriting `/home/<user>/.bashrc`). A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.

How to fix CVE-2023-6018

To remediate CVE-2023-6018, upgrade the affected package to a fixed version below.

—no fix listed
—upgrade to 2.9.2 or later

Is CVE-2023-6018 being exploited?

Likely — EPSS is 91.3%, placing CVE-2023-6018 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (2)

from 0, < 2.9.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL10.0	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-6018
PATCHgithub.com/mlflow/mlflow
WEBgithub.com/mlflow/mlflow/commit/55c72d02380e8db8118595a4fdae7879cb7ac5bd
WEBhuntr.com/bounties/7cf918b5-43f4-48c0-a371-4d963ce69b30