{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3099", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-03-29T17:47:14.222Z", "datePublished": "2024-06-06T18:08:16.402Z", "dateUpdated": "2024-06-07T12:54:32.844Z"}, "containers": {"cna": {"title": "Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:08:16.402Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts."}], "affected": [{"vendor": "mlflow", "product": "mlflow/mlflow", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-475 Undefined Behavior for Input to API", "cweId": "CWE-475"}]}], "source": {"advisory": "8d96374a-ce8d-480e-9cb0-0a7e5165c24a", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "mlflow", "product": "mlflow", "cpes": ["cpe:2.3:a:mlflow:mlflow:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.11.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-07T12:51:54.841930Z", "id": "CVE-2024-3099", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T12:54:32.844Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts."}, {"lang": "es", "value": "Una vulnerabilidad en mlflow/mlflow versi\u00f3n 2.11.1 permite a los atacantes crear m\u00faltiples modelos con el mismo nombre explotando la codificaci\u00f3n URL. Esta falla puede provocar una denegaci\u00f3n de servicio (DoS), ya que es posible que un usuario autenticado no pueda utilizar el modelo deseado, ya que abrir\u00e1 un modelo diferente cada vez. Adem\u00e1s, un atacante puede aprovechar esta vulnerabilidad para envenenar el modelo de datos creando un modelo con el mismo nombre, lo que podr\u00eda provocar que un usuario autenticado se convierta en v\u00edctima al utilizar el modelo envenenado. El problema surge de una validaci\u00f3n inadecuada de los nombres de los modelos, lo que permite la creaci\u00f3n de modelos con nombres codificados en URL que se tratan como distintos de sus hom\u00f3logos decodificados en URL."}], "id": "CVE-2024-3099", "lastModified": "2024-06-07T14:56:05.647", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-06-06T19:15:59.393", "references": [{"source": "security@huntr.dev", "url": "https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-475"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}