Description

Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.

INFO

Published Date :

2024-11-25T13:48:05.117Z

Last Modified :

2024-11-25T14:23:59.324Z

Source :

JFROG
AFFECTED PRODUCTS

The following products are affected by CVE-2024-27134 vulnerability.

Vendors Products
Lfprojects
  • Mlflow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-27134.

URL Resource
https://github.com/mlflow/mlflow/pull/10874 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact