CVE-2024-27134
📋 TL;DR
This vulnerability allows local attackers to escalate privileges on systems running MLflow when the spark_udf() API is called. Attackers can exploit improper directory permissions using a Time-of-Check-Time-of-Use (ToCToU) attack to gain elevated permissions. Only MLflow deployments using the spark_udf() functionality are affected.
💻 Affected Systems
- MLflow
📦 What is this software?
Mlflow by Lfprojects
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains root/administrator privileges on the MLflow server, enabling complete system compromise, data theft, and lateral movement.
Likely Case
Local user with limited access gains elevated permissions to modify MLflow artifacts, configurations, or execute arbitrary code within the MLflow context.
If Mitigated
Attack fails due to proper access controls, containerization, or the spark_udf() API not being used in the deployment.
🎯 Exploit Status
Requires local access and exploitation of ToCToU race condition. The GitHub PR demonstrates the vulnerability but doesn't provide weaponized exploit code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version containing fix from PR #10874
Vendor Advisory: https://github.com/mlflow/mlflow/pull/10874
Restart Required: Yes
Instructions:
1. Update MLflow to version containing PR #10874 fix.
2. Restart MLflow services.
3. Verify spark_udf functionality still works as expected.
🔧 Temporary Workarounds
Disable spark_udf functionality
(All platforms) Prevent use of the vulnerable spark_udf() API
Configure MLflow to not expose spark_udf endpoints
Remove spark_udf dependencies if not needed
Implement strict directory permissions
(Linux) Manually set proper permissions on MLflow directories
chmod 700 /path/to/mlflow/directories
chown mlflow:mlflow /path/to/mlflow/directories
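To confirm the permissions workaround above took effect, this added example (not code from MLflow or from the advisory) walks a directory tree and reports every directory that grants group/other access, has an unexpected owner, or is a symlink. The function name `audit_tree` and the sample tree are hypothetical; the real directories and service-account uid are deployment-specific.

```python
import os
import stat
import tempfile

def audit_tree(root, expected_uid):
    """Return (path, problem) pairs for directories under root that are
    symlinks, have an unexpected owner, or grant group/other access."""
    findings = []
    if os.path.islink(root):
        return [(root, "root is a symlink; refusing to follow it")]
    for dirpath, dirnames, _files in os.walk(root, followlinks=False):
        st = os.lstat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            findings.append((dirpath, f"mode {mode:04o} grants group/other access"))
        if st.st_uid != expected_uid:
            findings.append((dirpath, f"owned by uid {st.st_uid}, expected {expected_uid}"))
        for name in dirnames:
            child = os.path.join(dirpath, name)
            # os.walk lists symlinked directories but does not descend into them.
            if os.path.islink(child):
                findings.append((child, "symlink to a directory"))
    return findings

if __name__ == "__main__":
    # Constructed sample tree; a real run would pass the MLflow directories
    # and the uid of the service account (both are deployment-specific).
    root = tempfile.mkdtemp()          # created with mode 0700
    loose = os.path.join(root, "loose")
    os.mkdir(loose)
    os.chmod(loose, 0o755)             # deliberately too permissive
    for path, problem in audit_tree(root, os.getuid()):
        print(f"{path}: {problem}")
```

An empty result means every directory in the tree matches the `chmod 700` / `chown` workaround for the given uid.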
🧯 If You Can't Patch
- Restrict local access to MLflow servers to trusted users only
- Run MLflow in isolated containers with minimal privileges
🔍 How to Verify
Check if Vulnerable:
Check if MLflow version predates PR #10874 fix and spark_udf() is enabled
Check Version:
pip show mlflow | grep Version
Verify Fix Applied:
Verify MLflow version includes PR #10874 changes and test spark_udf functionality
📡 Detection & Monitoring
Log Indicators:
- Multiple rapid file permission changes in MLflow directories
- Unexpected process execution from MLflow context
Network Indicators:
- N/A - local attack only
SIEM Query:
search 'mlflow' AND ('permission denied' OR 'access violation') near 'spark_udf' in logs