OpenCVE

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lfprojects	Mlflow

Configuration 1 [-]

cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a

History

Fri, 11 Oct 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lfprojects Lfprojects mlflow
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:lfprojects:mlflow:-:::::::*
Vendors & Products		Lfprojects Lfprojects mlflow
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:08:16.402Z

Updated: 2024-08-01T19:32:42.675Z

Reserved: 2024-03-29T17:47:14.222Z

Link: CVE-2024-3099

Vulnrichment

Updated: 2024-08-01T19:32:42.675Z

NVD

Status : Modified

Published: 2024-06-06T19:15:59.393

Modified: 2024-11-21T09:28:53.953

Link: CVE-2024-3099

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3099", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-03-29T17:47:14.222Z", "datePublished": "2024-06-06T18:08:16.402Z", "dateUpdated": "2024-08-01T19:32:42.675Z"}, "containers": {"cna": {"title": "Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:08:16.402Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts."}], "affected": [{"vendor": "mlflow", "product": "mlflow/mlflow", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-475 Undefined Behavior for Input to API", "cweId": "CWE-475"}]}], "source": {"advisory": "8d96374a-ce8d-480e-9cb0-0a7e5165c24a", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "lfprojects", "product": "mlflow", "cpes": ["cpe:2.3:a:lfprojects:mlflow:2.11.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.11.1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-07T12:51:54.841930Z", "id": "CVE-2024-3099", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T17:22:16.990Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.675Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:32:42.675Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3099", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-07T12:51:54.841930Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lfprojects:mlflow:2.11.1:*:*:*:*:*:*:*"], "vendor": "lfprojects", "product": "mlflow", "versions": [{"status": "affected", "version": "2.11.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T12:54:24.343Z"}}], "cna": {"title": "Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow", "source": {"advisory": "8d96374a-ce8d-480e-9cb0-0a7e5165c24a", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "mlflow", "product": "mlflow/mlflow", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a"}], "descriptions": [{"lang": "en", "value": "A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-475", "description": "CWE-475 Undefined Behavior for Input to API"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:08:16.402Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3099", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:32:42.675Z", "dateReserved": "2024-03-29T17:47:14.222Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-06T18:08:16.402Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:*", "matchCriteriaId": "F18F1880-033C-4E18-913C-6C5356427ABB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts."}, {"lang": "es", "value": "Una vulnerabilidad en mlflow/mlflow versi\u00f3n 2.11.1 permite a los atacantes crear m\u00faltiples modelos con el mismo nombre explotando la codificaci\u00f3n URL. Esta falla puede provocar una denegaci\u00f3n de servicio (DoS), ya que es posible que un usuario autenticado no pueda utilizar el modelo deseado, ya que abrir\u00e1 un modelo diferente cada vez. Adem\u00e1s, un atacante puede aprovechar esta vulnerabilidad para envenenar el modelo de datos creando un modelo con el mismo nombre, lo que podr\u00eda provocar que un usuario autenticado se convierta en v\u00edctima al utilizar el modelo envenenado. El problema surge de una validaci\u00f3n inadecuada de los nombres de los modelos, lo que permite la creaci\u00f3n de modelos con nombres codificados en URL que se tratan como distintos de sus hom\u00f3logos decodificados en URL."}], "id": "CVE-2024-3099", "lastModified": "2024-11-21T09:28:53.953", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T19:15:59.393", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-475"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}