CVE-2024-9363
📋 TL;DR
An unauthenticated attacker can delete critical files like polyaxon.sock within Polyaxon containers, causing API containers to exit and leading to denial of service. This affects all Polyaxon deployments running vulnerable versions, disrupting the entire platform's functionality.
💻 Affected Systems
- Polyaxon
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete platform outage with all API containers terminated, preventing any ML workflow execution or management.
Likely Case
Service disruption affecting ML pipelines and API availability until containers are manually restarted.
If Mitigated
Limited impact if proper network segmentation and container isolation are implemented.
🎯 Exploit Status
Simple file deletion attack requiring minimal technical skill; no authentication or UUID parameters needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Polyaxon GitHub releases for latest patched version
Vendor Advisory: https://huntr.com/bounties/ec7b7e1d-795d-4414-93d5-9df35d2fd391
Restart Required: Yes
Instructions:
1. Update Polyaxon to latest patched version. 2. Restart all Polyaxon containers. 3. Verify API functionality is restored.
🔧 Temporary Workarounds
Network Isolation
linuxRestrict network access to Polyaxon API endpoints to trusted sources only
iptables -A INPUT -p tcp --dport [POLYAXON_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [POLYAXON_PORT] -j DROP
Container File Protection
linuxMake critical files immutable or mount them as read-only
chattr +i /path/to/polyaxon.sock
docker run -v /host/path:/container/path:ro ...
🧯 If You Can't Patch
- Implement strict network segmentation to limit access to Polyaxon services
- Deploy monitoring to detect file deletion attempts and container restarts
🔍 How to Verify
Check if Vulnerable:
Test if unauthenticated requests can delete polyaxon.sock file in containersCheck Version:
polyaxon version or check container image tagsVerify Fix Applied:
Verify polyaxon.sock file cannot be deleted without proper authentication after update📡 Detection & Monitoring
Log Indicators:
- Unexpected container exits
- File deletion events for polyaxon.sock
- API connection failures
Network Indicators:
- Unusual DELETE requests to Polyaxon endpoints
- Traffic from unexpected sources to Polyaxon ports
SIEM Query:
source="polyaxon" AND ("container exited" OR "file deleted" OR "polyaxon.sock")