CVE-2023-6974 – This CVE describes a Server-Side Request Forger... (How to Fix)

Q: What is the severity of CVE-2023-6974?

CVE-2023-6974 has a CVSS score of 9.8 (CRITICAL). This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in MLflow that allows attackers to make unauthorized requests to internal HTTP(s) servers. Attackers could potentially access sensitive internal services or achieve remote code execution in cloud environments like AWS instances. Organizations using vulnerable MLflow versions are affected.

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in MLflow that allows attackers to make unauthorized requests to internal HTTP(s) servers. Attackers could potentially access sensitive internal services or achieve remote code execution in cloud environments like AWS instances. Organizations using vulnerable MLflow versions are affected.

💻 Affected Systems

Products:

MLflow

Versions: Versions before the fix commit 8174250f83352a04c2d42079f414759060458555

Operating Systems: All operating systems running MLflow

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability affects MLflow's tracking server functionality where user-supplied URLs are processed without proper validation.

📦 What is this software?

Mlflow by Lfprojects

View all CVEs affecting Mlflow →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution on victim machines, particularly in cloud environments where internal metadata services could be accessed to obtain credentials and escalate privileges.

🟠

Likely Case

Unauthorized access to internal HTTP(s) services, potentially exposing sensitive data or enabling lateral movement within the network.

🟢

If Mitigated

Limited impact with proper network segmentation and egress filtering preventing access to internal services.

🌐 Internet-Facing: HIGH - MLflow servers exposed to the internet are directly vulnerable to SSRF attacks from external threat actors.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability to pivot to other internal services.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires the ability to interact with MLflow's API endpoints that process URLs. The vulnerability is well-documented in public bounty reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 8174250f83352a04c2d42079f414759060458555 and subsequent releases

Vendor Advisory: https://github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555

Restart Required: Yes

Instructions:

1. Update MLflow to a version containing the fix commit 8174250f83352a04c2d42079f414759060458555 or later. 2. Restart all MLflow services. 3. Verify the fix by checking the version and testing URL validation.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict MLflow server network access to prevent outbound requests to internal services

iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP

Input Validation Proxy

all

Deploy a reverse proxy that validates and filters URL requests before they reach MLflow

🧯 If You Can't Patch

Implement strict network egress filtering to prevent MLflow servers from accessing internal HTTP(s) services
Deploy Web Application Firewall (WAF) rules to detect and block SSRF patterns in requests to MLflow endpoints

🔍 How to Verify

Check if Vulnerable:

Check if your MLflow version predates commit 8174250f83352a04c2d42079f414759060458555 by examining the git history or version number

Check Version:

mlflow --version

Verify Fix Applied:

Test URL validation by attempting to make requests to internal IP addresses (like 169.254.169.254) through MLflow's API endpoints

📡 Detection & Monitoring

Log Indicators:

Unusual outbound HTTP requests from MLflow servers to internal IP addresses
Requests to cloud metadata endpoints (169.254.169.254, 169.254.170.2)

Network Indicators:

MLflow servers making HTTP requests to internal/private IP ranges
Requests to known cloud provider metadata services

SIEM Query:

source="mlflow.log" AND (dest_ip=169.254.169.254 OR dest_ip IN [10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16])

📊 Metadata

CVE ID: CVE-2023-6974

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-918

Published: December 20, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555 Patch
https://huntr.com/bounties/438b0524-da0e-4d08-976a-6f270c688393 Exploit,Third Party Advisory
https://github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555 Patch
https://huntr.com/bounties/438b0524-da0e-4d08-976a-6f270c688393 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-6974, you might also want to check these: