JFrog Security Research

JFSA-2024-000639017 - MLflow spark_udf localpriv

CVE-2024-27134

JFrog Severity:high

Discovered By Uriya Yavnieli of the JFrog Security Research Team

Published 23 Feb, 2024 | Last updated 23 Feb, 2024

Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf.

mlflow


Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. A local attacker can exploit this behavior to gain elevated permissions through a TOCTOU (time-of-check to time-of-use) race. The issue is only relevant when the spark_udf() MLflow API is called.

Any MLflow code that uses spark_udf would be vulnerable to this issue, for example:

import mlflow
from pyspark.sql import SparkSession

# Create (or reuse) a Spark session for the job
spark = SparkSession.builder.appName('SparkFrog').getOrCreate()

# Wrapping a model as a Spark UDF is the call that triggers the affected code path
predict = mlflow.pyfunc.spark_udf(spark, 'iris_model')
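The advisory describes the bug class only in general terms (a directory created with permissions wide enough that another local user can write into it, which opens a TOCTOU window). The following is an added illustration written for this page, not MLflow's or JFrog's code; it assumes a POSIX system, and the directory names and the "create, then use" flow are constructed stand-ins for whatever path the affected spark_udf code creates. It contrasts the weak pattern with a hardened one and includes a small audit helper a defender can point at an MLflow cache or temp tree.

```python
import os
import shutil
import stat
import tempfile

# Constructed example: the paths below are placeholders, not MLflow's real
# directory layout. Requires a POSIX filesystem (mode bits, geteuid).


def make_shared_dir(path):
    """Weak pattern: a fixed, predictable path created with a permissive mode.

    Any local user can write into it, so a file placed here can be replaced
    between the moment it is checked and the moment it is used (TOCTOU).
    """
    os.makedirs(path, exist_ok=True)
    os.chmod(path, 0o777)  # excessive permissions: world-writable
    return path


def make_private_dir(prefix="udf-example-"):
    """Hardened pattern: mkdtemp() creates an unpredictable directory with
    mode 0700 in one system call, so no other user can claim it first."""
    return tempfile.mkdtemp(prefix=prefix)


def is_private_dir(path):
    """True if `path` is a directory owned by the caller that nobody else can write to.

    lstat() is used deliberately: a symlink planted at `path` is rejected
    instead of being followed to wherever the planter chose.
    """
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.geteuid()
            and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def find_world_writable(root):
    """Audit helper: list directories under `root` that any user can write to.

    Directories carrying the sticky bit (e.g. /tmp) are skipped, because the
    sticky bit prevents other users from renaming or deleting files they do
    not own, which is what makes shared temp roots tolerable.
    """
    found = []
    for dirpath, _, _ in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            found.append(dirpath)
    return found


def demo():
    """Create one weak and one hardened directory, check both, and clean up."""
    base = tempfile.mkdtemp(prefix="perm-demo-")
    try:
        weak = make_shared_dir(os.path.join(base, "shared-model-cache"))
        safe = make_private_dir()
        try:
            return {
                "weak_is_private": is_private_dir(weak),
                "safe_is_private": is_private_dir(safe),
                "weak_flagged": weak in find_world_writable(base),
                "safe_flagged": safe in find_world_writable(safe),
            }
        finally:
            shutil.rmtree(safe)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of `is_private_dir` is that it is a check on the directory the code is about to use, run right before use, rather than a check on a path string; combined with `mkdtemp`, which both creates and restricts the directory atomically, there is no interval in which another local account can substitute its own content. `find_world_writable` is the detection side: run it over the working and cache directories of a multi-user MLflow host to find locations where this class of bug would be exploitable.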

No mitigations are supplied for this issue.

Fix PR
