Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. A local attacker can exploit this behavior to gain elevated permissions through a time-of-check to time-of-use (TOCTOU) attack. The issue is only relevant when the spark_udf() MLflow API is called.
[ { "source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f", "deprecated": false, "target": { "file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java", "function": "doGet" }, "digest": { "function_hash": "104756577933646270377322058099788548368", "length": 198.0 }, "id": "CVE-2024-27134-6d6e2f75", "signature_type": "Function", "signature_version": "v1" }, { "source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f", "deprecated": false, "target": { "file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java", "function": "testScoringServerWithValidPredictorRespondsToVersionCorrectly" }, "digest": { "function_hash": "184071514087990523482204071342574856391", "length": 492.0 }, "id": "CVE-2024-27134-72beafcb", "signature_type": "Function", "signature_version": "v1" }, { "source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f", "deprecated": false, "target": { "file": "mlflow/java/scoring/src/main/java/org/mlflow/sagemaker/ScoringServer.java" }, "digest": { "line_hashes": [ "131820453751244830235847135154555009675", "118311288725557473966511160909702796059", "23166675831352438683313922586367861826", "105627809069183315260927391174565252232" ], "threshold": 0.9 }, "id": "CVE-2024-27134-8492ce88", "signature_type": "Line", "signature_version": "v1" }, { "source": "https://github.com/mlflow/mlflow/commit/07fdad09eabc63f39069de1ab4cf561da306159f", "deprecated": false, "target": { "file": "mlflow/java/scoring/src/test/java/org/mlflow/ScoringServerTest.java" }, "digest": { "line_hashes": [ "126175435439690257488643731654349406987", "95033179366840333112179189507578907972", "238340115033601847376410752104378127786", "243585600340095249392561452430789585945" ], "threshold": 0.9 }, "id": "CVE-2024-27134-8717d33b", "signature_type": "Line", "signature_version": "v1" } ]