AI PRP: Request CVE-2023-6014 MLflow Auth Bypasss Vulnerability

[maoning]

CVE-2023-6014: https://huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4/

Please read the rules of engagement first at #409.

[frkngksl]

Hi @maoning ,

I have submitted #407 two weeks ago, and currently, I'm not developing anything. I was thinking about taking this one, but should I wait for my current PR to be merged?

[tooryx]

Hi @frkngksl,

As mentioned in the rules of engagement (#409), you are free to pick one ML plugin that will take priority over your other contributions. So you are free to pick one without waiting on your other contributions to be merged.

I will assign this plugin to you.

~tooryx

[maoning]

Hi @frkngksl ,

Thank you for picking up this request! Please make sure the following items are completed before the plugin implementation:

• Conduct vulnerability research with a brief description of how the plugin would work
• Submit the vulnerable configuration of the target application to google/security-testbeds.

[frkngksl]

Hi @maoning , @tooryx ,

I sent the PR regarding to the vulnerable configuration to Security Testbeds repository. You can see it here

Vulnerability Research

MLFlow instances below the version 2.8.0 which use MLFlow UI or MLFlow Server have an authentication bypass vulnerability. Normally MLFlow requires authentication for user creation operations who are served under /mlflow/users/create API. However, due to coding mistake, prepending /api/2.0/ to those routes will allow access to an unauthenticated remote attacker in the vulnerable versions, namely /api/2.0/mlflow/users/create. There, unauthenticated attackers can create users by using this endpoint and reach the functionalities of MLflow.

Plugin Design

I tested this vulnerability with the original PoC, which was given by you, on the both vulnerable and fixed environments. In this PoC, it directly sends the new user and password information to the mentioned endpoint above. You can see the responses that were given for the user creation request from this endpoint from both vulnerable and fixed environment. (You can see the incoming response

Clearly, I can identify the vulnerability from the response by searching the string Successfully signed up user: ... . Therefore, I am planning to develop a plugin who generates user and password randomly and sends this information to the endpoint. After that, the plugin will check the both status code and response to determine the vulnerable environment.

[maoning]

Hi @frkngksl ,

Thank you for providing the detailed plugin design and submitting to Security Testbeds repo. Everything looks good. Please submit our participation form and you can start working on the development.

[frkngksl]

Hi @maoning , @tooryx ,

I've sent the PR as #438. Thanks in advance.

[frkngksl]

Also, I can help you for another AI PRP, but should I wait for this one to be completed?

[vsutedjo]

It would be great if you could wait for this one to be resolved! Shouldn't take too long now.

[vsutedjo]

Hi @frkngksl ,

Your PR has been merged. This usually means a reward will be granted. Google will start the internal QC process and the reward amount will be determined based on the quality of the detector report. Please be patient and allow up to a week for the QC process to finish. You'll be notified once the decision is made.

Thanks!

[frkngksl]

Thank you all for your help and kindness @vsutedjo, @maoning, @tooryx

[maoning]

@frkngksl Thanks for the contribution, your reward has been granted.