Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. A local attacker can exploit this behavior to gain elevated permissions by using a time-of-check to time-of-use (ToCToU) attack. The issue is only relevant when the spark_udf() MLflow API is called.
[
{
"signature_type": "Function",
"id": "CVE-2024-27134-6d6e2f75",
"target": {
"function": "doGet",
"file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f",
"digest": {
"function_hash": "104756577933646270377322058099788548368",
"length": 198.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-27134-72beafcb",
"target": {
"function": "testScoringServerWithValidPredictorRespondsToVersionCorrectly",
"file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f",
"digest": {
"function_hash": "184071514087990523482204071342574856391",
"length": 492.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-27134-8492ce88",
"target": {
"file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"131820453751244830235847135154555009675",
"118311288725557473966511160909702796059",
"23166675831352438683313922586367861826",
"105627809069183315260927391174565252232"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2024-27134-8717d33b",
"target": {
"file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"126175435439690257488643731654349406987",
"95033179366840333112179189507578907972",
"238340115033601847376410752104378127786",
"243585600340095249392561452430789585945"
]
}
}
]